Thread: 7 messages, 4 authors, 2021-07-02

Re: [PATCH][next] netfilter: nf_tables: Fix dereference of null pointer flow

From: Dan Carpenter <hidden>
Date: 2021-06-25 10:33:44
Also in: kernel-janitors, lkml, netfilter-devel

On Fri, Jun 25, 2021 at 12:20:21PM +0200, Pablo Neira Ayuso wrote:
> Hi,
>
> On Fri, Jun 25, 2021 at 12:59:01PM +0300, Dan Carpenter wrote:
> > Btw, why is there no clean up if nft_table_validate() fails?
>
> See below.
>
> > net/netfilter/nf_tables_api.c
> >   3432                                  list_add_tail_rcu(&rule->list, &old_rule->list);
> >   3433                          else
> >   3434                                  list_add_rcu(&rule->list, &chain->rules);
> >   3435                  }
> >   3436          }
> >   3437          kvfree(expr_info);
> >   3438          chain->use++;
> >   3439
> >   3440          if (flow)
> >   3441                  nft_trans_flow_rule(trans) = flow;
> >   3442
> >   3443          if (nft_net->validate_state == NFT_VALIDATE_DO)
> >   3444                  return nft_table_validate(net, table);
> >                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > The cleanup for this would be quite involved unfortunately...  Not
> > necessarily something to attempt without being able to test the code.
>
> At this stage, the transaction has been already registered in the
> list, and the nf_tables_abort() path takes care of undoing what has
> been updated in the preparation phase.

Ah...  Thanks.

regards,
dan carpenter
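
The pattern described in the reply above (a transaction is registered before state is changed, so a late validation failure can return directly and leave the undo to the abort path), as an added example that is not part of the original thread and is not kernel code. It is a simplified userspace model; every type and function name in it (`struct batch`, `add_rule`, `batch_abort`, `demo`) is hypothetical.

```c
#include <stdlib.h>

/* Simplified userspace model; these types are illustrative, not the kernel's. */
struct rule  { struct rule *next; };
struct chain { struct rule *rules; int use; };
struct trans { struct trans *prev; struct chain *chain; struct rule *rule; };
struct batch { struct trans *tail; int live_allocs; };

/* Preparation phase: register the transaction first, then update state. */
static int add_rule(struct batch *b, struct chain *c, int validate_ok)
{
    struct trans *t = malloc(sizeof(*t));
    struct rule *r = malloc(sizeof(*r));
    if (!t || !r) { free(t); free(r); return -1; }  /* nothing registered yet */
    b->live_allocs += 2;
    t->chain = c; t->rule = r;
    t->prev = b->tail; b->tail = t;        /* now visible to the abort path */
    r->next = c->rules; c->rules = r;      /* stands in for list_add_rcu() */
    c->use++;
    /* No local unwinding on failure: the registered transaction records it. */
    return validate_ok ? 0 : -1;
}

/* Abort path: walk transactions newest-first and undo each one. */
static void batch_abort(struct batch *b)
{
    while (b->tail) {
        struct trans *t = b->tail;
        b->tail = t->prev;
        t->chain->rules = t->rule->next;   /* unlink: newest rule is at head */
        t->chain->use--;
        free(t->rule); free(t);
        b->live_allocs -= 2;
    }
}

/* Two-rule batch whose second rule fails validation, then abort.
 * Returns 0 when the chain is back to its initial state with no leaks. */
static int demo(void)
{
    struct chain c = { NULL, 0 };
    struct batch b = { NULL, 0 };
    if (add_rule(&b, &c, 1) != 0) return 1;
    if (add_rule(&b, &c, 0) == 0) return 2;   /* validation fails here */
    if (c.use != 2 || b.live_allocs != 4) return 3;  /* state still dirty */
    batch_abort(&b);
    return (c.use == 0 && c.rules == NULL && b.live_allocs == 0) ? 0 : 4;
}

int main(void) { return demo(); }
```

The model only stays leak-free if the caller always runs the abort path after a failed preparation step; an error return that skips it would leave the rule linked and the use count raised.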