* [PATCH nf] netfilter: ctnetlink: skip dumping expect when nfct_help(ct) is NULL
@ 2017-04-02 10:01 Liping Zhang
  2017-04-08 21:44 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 2+ messages in thread
From: Liping Zhang @ 2017-04-02 10:01 UTC (permalink / raw)
  To: pablo; +Cc: netfilter-devel, Liping Zhang

From: Liping Zhang <zlpnobody@gmail.com>

For IPCTNL_MSG_EXP_GET, if the CTA_EXPECT_MASTER attr is specified, then
the NLM_F_DUMP request will dump the expectations related to this
connection tracking.

But we forgot to check whether the conntrack has an nf_conn_help or not,
so if nfct_help(ct) is NULL, an oops will happen:

 BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
 IP: ctnetlink_exp_ct_dump_table+0xf9/0x1e0 [nf_conntrack_netlink]
 Call Trace:
  ? ctnetlink_exp_ct_dump_table+0x75/0x1e0 [nf_conntrack_netlink]
  netlink_dump+0x124/0x2a0
  __netlink_dump_start+0x161/0x190
  ctnetlink_dump_exp_ct+0x16c/0x1bc [nf_conntrack_netlink]
  ? ctnetlink_exp_fill_info.constprop.33+0xf0/0xf0 [nf_conntrack_netlink]
  ? ctnetlink_glue_seqadj+0x20/0x20 [nf_conntrack_netlink]
  ctnetlink_get_expect+0x32e/0x370 [nf_conntrack_netlink]
  ? debug_lockdep_rcu_enabled+0x1d/0x20
  nfnetlink_rcv_msg+0x60a/0x6a9 [nfnetlink]
  ? nfnetlink_rcv_msg+0x1b9/0x6a9 [nfnetlink]
  [...]

Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
---
 net/netfilter/nf_conntrack_netlink.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index f776314..1bb2f27 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -2783,6 +2783,12 @@ static int ctnetlink_dump_exp_ct(struct net *net, struct sock *ctnl,
 		return -ENOENT;
 
 	ct = nf_ct_tuplehash_to_ctrack(h);
+	/* No expectation linked to this connection tracking. */
+	if (!nfct_help(ct)) {
+		nf_ct_put(ct);
+		return 0;
+	}
+
 	c.data = ct;
 
 	err = netlink_dump_start(ctnl, skb, nlh, &c);
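Review bot: returning 0 after nf_ct_put(ct) in the new `if (!nfct_help(ct))` branch means netlink_dump_start() is never called, so no NLMSG_DONE is ever sent; a requester that omitted NLM_F_ACK and waits for the end of the dump will block. The lookup-failure path a few lines above returns -ENOENT, which yields an NLMSG_ERROR the caller can act on; either return an error here too, or start the dump and let ctnetlink_exp_ct_dump_table (the oops site in the trace) produce an empty result once it checks nfct_help(ct) itself. The comment `/* No expectation linked to this connection tracking. */` should also say why a single check here, before the dump callback runs, is enough: the callback dereferences the help extension later, so this relies on that extension never being detached from a live conntrack.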
-- 
2.5.5
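The request described in the commit message, written out as an added example (not code from the patch or the kernel tree): it builds the IPCTNL_MSG_EXP_GET dump with a CTA_EXPECT_MASTER tuple by hand, so the attribute layout that ctnetlink_dump_exp_ct() parses before looking up the master conntrack is visible, and main() sends it over a NETLINK_NETFILTER socket. The sample tuple (TCP 127.0.0.1:40000 -> 127.0.0.1:80) is constructed; replace it with a flow that is present in the conntrack table. The socket needs CAP_NET_ADMIN in its network namespace, otherwise nfnetlink answers EPERM. With this patch applied, a master conntrack that has no helper produces a plain ACK (the request sets NLM_F_ACK for exactly that reason); without it, the same request is what the oops in the trace above comes from, so run it only against a kernel you can afford to crash. The nfnetlink constants are copied from the UAPI headers so the block needs only linux/netlink.h.

```c
/* Builds, and in main() sends, the request that reaches the path fixed by
 * this patch: IPCTNL_MSG_EXP_GET + NLM_F_DUMP with a CTA_EXPECT_MASTER tuple.
 * Added example; not code from the patch or the kernel tree. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <linux/netlink.h>

/* Mirrored from include/uapi/linux/netfilter/nfnetlink{,_conntrack}.h. */
enum { NFNL_SUBSYS_CTNETLINK_EXP = 2, IPCTNL_MSG_EXP_GET = 1,
       CTA_EXPECT_MASTER = 1, CTA_TUPLE_IP = 1, CTA_TUPLE_PROTO = 2,
       CTA_IP_V4_SRC = 1, CTA_IP_V4_DST = 2,
       CTA_PROTO_NUM = 1, CTA_PROTO_SRC_PORT = 2, CTA_PROTO_DST_PORT = 3 };
struct nfgenmsg { uint8_t nfgen_family; uint8_t version; uint16_t res_id; };

unsigned char sample_req[128];   /* filled by main() with the sample tuple */

/* Append one attribute at *off; returns its start offset (for END_NESTED). */
static size_t put_attr(unsigned char *buf, size_t *off, uint16_t type,
                       const void *data, uint16_t len)
{
    struct nlattr *nla = (struct nlattr *)(buf + *off);
    nla->nla_type = type;
    nla->nla_len = NLA_HDRLEN + len;
    if (len)
        memcpy(nla + 1, data, len);   /* NLA_HDRLEN == sizeof(struct nlattr) */
    *off += NLA_ALIGN(nla->nla_len);
    return (unsigned char *)nla - buf;
}
/* Fix the length of the nested attribute opened at 'start' to reach 'off'. */
#define END_NESTED(buf, start, off) \
    (((struct nlattr *)((buf) + (start)))->nla_len = (off) - (start))

/* Dump request for the TCP master tuple src:sport -> dst:dport (network byte
 * order). Returns the message length (72), or 0 if buf is too small. */
size_t build_exp_get_dump(unsigned char *buf, size_t cap, uint32_t src,
                          uint32_t dst, uint16_t sport, uint16_t dport)
{
    struct nlmsghdr *nlh = (struct nlmsghdr *)buf;
    struct nfgenmsg *nfg = (struct nfgenmsg *)(buf + NLMSG_HDRLEN);
    uint8_t l4 = IPPROTO_TCP;
    size_t off, master, nest;
    if (cap < 128)
        return 0;
    memset(buf, 0, cap);
    /* High byte: nfnetlink subsystem; low byte: message within it. */
    nlh->nlmsg_type = (NFNL_SUBSYS_CTNETLINK_EXP << 8) | IPCTNL_MSG_EXP_GET;
    /* NLM_F_ACK makes the kernel answer even when it starts no dump. */
    nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP | NLM_F_ACK;
    nfg->nfgen_family = AF_INET;      /* l3 family used for the lookup */
    off = NLMSG_HDRLEN + NLMSG_ALIGN(sizeof(*nfg));
    master = put_attr(buf, &off, CTA_EXPECT_MASTER | NLA_F_NESTED, NULL, 0);
    nest = put_attr(buf, &off, CTA_TUPLE_IP | NLA_F_NESTED, NULL, 0);
    put_attr(buf, &off, CTA_IP_V4_SRC, &src, sizeof src);
    put_attr(buf, &off, CTA_IP_V4_DST, &dst, sizeof dst);
    END_NESTED(buf, nest, off);
    nest = put_attr(buf, &off, CTA_TUPLE_PROTO | NLA_F_NESTED, NULL, 0);
    put_attr(buf, &off, CTA_PROTO_NUM, &l4, sizeof l4);
    put_attr(buf, &off, CTA_PROTO_SRC_PORT, &sport, sizeof sport);
    put_attr(buf, &off, CTA_PROTO_DST_PORT, &dport, sizeof dport);
    END_NESTED(buf, nest, off);
    END_NESTED(buf, master, off);
    nlh->nlmsg_len = off;
    return off;
}

/* Send req; returns 1 = dump started, 0 = bare ACK (no dump), <0 = -errno. */
int send_exp_get_dump(const unsigned char *req, size_t len)
{
    struct sockaddr_nl sa = { .nl_family = AF_NETLINK };
    unsigned char rsp[8192];
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER), err;
    ssize_t n;
    if (fd < 0)
        return -errno;
    n = sendto(fd, req, len, 0, (struct sockaddr *)&sa, sizeof sa) < 0 ? -1
        : recv(fd, rsp, sizeof rsp, 0);
    err = n < 0 ? -errno : -EPROTO;
    close(fd);
    if (n < (ssize_t)sizeof(struct nlmsghdr))
        return err;
    if (((struct nlmsghdr *)rsp)->nlmsg_type == NLMSG_ERROR)
        return ((struct nlmsgerr *)NLMSG_DATA(rsp))->error; /* 0 on plain ACK */
    return 1;
}

int main(void)
{
    /* Constructed sample: local TCP flow 127.0.0.1:40000 -> 127.0.0.1:80. */
    size_t len = build_exp_get_dump(sample_req, sizeof sample_req, htonl(0x7f000001),
                                    htonl(0x7f000001), htons(40000), htons(80));
    int r = send_exp_get_dump(sample_req, len);
    puts(r < 0 ? strerror(-r) : r ? "dump started" : "ACK only: master has no helper");
    return 0;
}
```

On a kernel with the patch, the three outcomes map directly onto the code above: an NLMSG_ERROR carrying -ENOENT is the `return -ENOENT` for an unknown master, a bare ACK is the new `nfct_help(ct) == NULL` branch, and anything else means netlink_dump_start() ran. Without NLM_F_ACK the second case would produce no reply at all.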


* Re: [PATCH nf] netfilter: ctnetlink: skip dumping expect when nfct_help(ct) is NULL
  2017-04-02 10:01 [PATCH nf] netfilter: ctnetlink: skip dumping expect when nfct_help(ct) is NULL Liping Zhang
@ 2017-04-08 21:44 ` Pablo Neira Ayuso
  0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2017-04-08 21:44 UTC (permalink / raw)
  To: Liping Zhang; +Cc: netfilter-devel, Liping Zhang

On Sun, Apr 02, 2017 at 06:01:33PM +0800, Liping Zhang wrote:
> From: Liping Zhang <zlpnobody@gmail.com>
> 
> For IPCTNL_MSG_EXP_GET, if the CTA_EXPECT_MASTER attr is specified, then
> the NLM_F_DUMP request will dump the expectations related to this
> connection tracking.
> 
> But we forget to check whether the conntrack has nf_conn_help or not,
> so if nfct_help(ct) is NULL, oops will happen:
> 
>  BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
>  IP: ctnetlink_exp_ct_dump_table+0xf9/0x1e0 [nf_conntrack_netlink]
>  Call Trace:
>   ? ctnetlink_exp_ct_dump_table+0x75/0x1e0 [nf_conntrack_netlink]
>   netlink_dump+0x124/0x2a0
>   __netlink_dump_start+0x161/0x190
>   ctnetlink_dump_exp_ct+0x16c/0x1bc [nf_conntrack_netlink]
>   ? ctnetlink_exp_fill_info.constprop.33+0xf0/0xf0 [nf_conntrack_netlink]
>   ? ctnetlink_glue_seqadj+0x20/0x20 [nf_conntrack_netlink]
>   ctnetlink_get_expect+0x32e/0x370 [nf_conntrack_netlink]
>   ? debug_lockdep_rcu_enabled+0x1d/0x20
>   nfnetlink_rcv_msg+0x60a/0x6a9 [nfnetlink]
>   ? nfnetlink_rcv_msg+0x1b9/0x6a9 [nfnetlink]
>   [...]

Applied, thanks.

