projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ca0e8bd)
netfilter: nft_compat: use _safe version of list_for_each
authorDan Carpenter <dan.carpenter@oracle.com>
Mon, 4 Nov 2013 12:58:56 +0000 (15:58 +0300)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 4 Nov 2013 21:58:30 +0000 (22:58 +0100)
We need to use the _safe version of list_for_each_entry() here otherwise
we have a use after free bug.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nft_compat.c patch | blob | blame | history

diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c
index 4811f762e0600f78c44a5928690aaba762adae1e..a82667c64729a3964e8fbd44f0ddd69d1cefa5c3 100644 (file)
--- a/net/netfilter/nft_compat.c
+++ b/net/netfilter/nft_compat.c
@@ -634,9 +634,9 @@ nft_match_select_ops(const struct nft_ctx *ctx,
 
 static void nft_match_release(void)
 {
-       struct nft_xt *nft_match;
+       struct nft_xt *nft_match, *tmp;
 
-       list_for_each_entry(nft_match, &nft_match_list, head)
+       list_for_each_entry_safe(nft_match, tmp, &nft_match_list, head)
                kfree(nft_match);
 }
 
@@ -705,9 +705,9 @@ nft_target_select_ops(const struct nft_ctx *ctx,
 
 static void nft_target_release(void)
 {
-       struct nft_xt *nft_target;
+       struct nft_xt *nft_target, *tmp;
 
-       list_for_each_entry(nft_target, &nft_target_list, head)
+       list_for_each_entry_safe(nft_target, tmp, &nft_target_list, head)
                kfree(nft_target);
 }