projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4a0144a) | patch
netfilter: nf_tables: don't allow to rename to already-pending name
authorFlorian Westphal <fw@strlen.de>
Tue, 17 Jul 2018 05:17:56 +0000 (07:17 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 5 Sep 2018 07:26:27 +0000 (09:26 +0200)
commit123534dbd49094b9f68e53fffd8cbd8a9f9f976e
tree084d48f20d0041de61048d06de4027138672707ctree | snapshot (tar.gz zip)
parent4a0144a43c526e6d8d274fce2e4241854ef8712ccommit | diff
netfilter: nf_tables: don't allow to rename to already-pending name

[ Upstream commit c6cc94df65c3174be92afbee638f11cbb5e606a7 ]

Its possible to rename two chains to the same name in one
transaction:

nft add chain t c1
nft add chain t c2
nft 'rename chain t c1 c3;rename chain t c2 c3'

This creates two chains named 'c3'.

Appears to be harmless, both chains can still be deleted both
by name or handle, but, nevertheless, its a bug.

Walk transaction log and also compare vs. the pending renames.

Both chains can still be deleted, but nevertheless it is a bug as
we don't allow to create chains with identical names, so we should
prevent this from happening-by-rename too.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/netfilter/nf_tables_api.c diff | blob | blame | history