projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a843619) | patch
netfilter: Can't fail and free after table replacement
authorThomas Graf <tgraf@suug.ch>
Fri, 4 Apr 2014 15:57:45 +0000 (17:57 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 31 May 2014 04:52:11 +0000 (21:52 -0700)
commitc5e4ef499cfc78de45a4f01b8c557b5964d77c53
tree5647f057d4c013d074d839620a6e53fb713a86a0tree | snapshot (tar.gz zip)
parenta843619f1b755a2870f235b8aab5d2cc327bf456commit | diff
netfilter: Can't fail and free after table replacement

commit c58dd2dd443c26d856a168db108a0cd11c285bf3 upstream.

All xtables variants suffer from the defect that the copy_to_user()
to copy the counters to user memory may fail after the table has
already been exchanged and thus exposed. Return an error at this
point will result in freeing the already exposed table. Any
subsequent packet processing will result in a kernel panic.

We can't copy the counters before exposing the new tables as we
want provide the counter state after the old table has been
unhooked. Therefore convert this into a silent error.

Cc: Florian Westphal <fw@strlen.de>
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/bridge/netfilter/ebtables.c diff | blob | blame | history
net/ipv4/netfilter/arp_tables.c diff | blob | blame | history
net/ipv4/netfilter/ip_tables.c diff | blob | blame | history
net/ipv6/netfilter/ip6_tables.c diff | blob | blame | history
kernel source for telekom puls (alcatel/mediatek)