git.baikalelectronics.ru Git - kernel.git/commit

author	Thomas Graf <tgraf@suug.ch>
	Fri, 4 Apr 2014 15:57:45 +0000 (17:57 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Sat, 5 Apr 2014 15:46:22 +0000 (17:46 +0200)
commit	45443d7c793e379e6dd0f6ed83f7517b7cc38c95
tree	fc3b89ed8e66d3f99f9322efc812e8c7bcd60509	tree \| snapshot
parent	7a27c4c527591f6eb50f12a0458238e129a3d3b1	commit \| diff

netfilter: Can't fail and free after table replacement

All xtables variants suffer from the defect that the copy_to_user()
to copy the counters to user memory may fail after the table has
already been exchanged and thus exposed. Return an error at this
point will result in freeing the already exposed table. Any
subsequent packet processing will result in a kernel panic.

We can't copy the counters before exposing the new tables as we
want provide the counter state after the old table has been
unhooked. Therefore convert this into a silent error.

Cc: Florian Westphal <fw@strlen.de>
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

net/bridge/netfilter/ebtables.c		diff \| blob \| history
net/ipv4/netfilter/arp_tables.c		diff \| blob \| history
net/ipv4/netfilter/ip_tables.c		diff \| blob \| history
net/ipv6/netfilter/ip6_tables.c		diff \| blob \| history