From: Dan Carpenter <dan.carpenter@oracle.com>
To: Colin King <colin.king@canonical.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>,
Jozsef Kadlecsik <kadlec@netfilter.org>,
Florian Westphal <fw@strlen.de>,
"David S . Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>,
netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
netdev@vger.kernel.org, kernel-janitors@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH][next] netfilter: nf_tables: Fix dereference of null pointer flow
Date: Fri, 25 Jun 2021 12:59:01 +0300 [thread overview]
Message-ID: <20210625095901.GH2040@kadam> (raw)
In-Reply-To: <20210624195718.170796-1-colin.king@canonical.com>
Btw, why is there no clean up if nft_table_validate() fails?
net/netfilter/nf_tables_api.c
3432 list_add_tail_rcu(&rule->list, &old_rule->list);
3433 else
3434 list_add_rcu(&rule->list, &chain->rules);
3435 }
3436 }
3437 kvfree(expr_info);
3438 chain->use++;
3439
3440 if (flow)
3441 nft_trans_flow_rule(trans) = flow;
3442
3443 if (nft_net->validate_state == NFT_VALIDATE_DO)
3444 return nft_table_validate(net, table);
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The cleanup for this would be quite involved unfortunately... Not
necessarily something to attempt without being able to test the code.
3445
3446 return 0;
3447
3448 err_destroy_flow_rule:
3449 nft_flow_rule_destroy(flow);
3450 err_release_rule:
3451 nf_tables_rule_release(&ctx, rule);
3452 err_release_expr:
3453 for (i = 0; i < n; i++) {
3454 if (expr_info[i].ops) {
3455 module_put(expr_info[i].ops->type->owner);
3456 if (expr_info[i].ops->type->release_ops)
3457 expr_info[i].ops->type->release_ops(expr_info[i].ops);
3458 }
3459 }
3460 kvfree(expr_info);
3461
3462 return err;
3463 }
regards,
dan carpenter
next prev parent reply other threads:[~2021-06-25 9:59 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-24 19:57 [PATCH][next] netfilter: nf_tables: Fix dereference of null pointer flow Colin King
2021-06-25 9:59 ` Dan Carpenter [this message]
2021-06-25 10:20 ` Pablo Neira Ayuso
2021-06-25 10:33 ` Dan Carpenter
2021-06-25 10:06 ` AW: " Walter Harms
2021-06-25 10:21 ` Pablo Neira Ayuso
2021-07-02 0:56 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210625095901.GH2040@kadam \
--to=dan.carpenter@oracle.com \
--cc=colin.king@canonical.com \
--cc=coreteam@netfilter.org \
--cc=davem@davemloft.net \
--cc=fw@strlen.de \
--cc=kadlec@netfilter.org \
--cc=kernel-janitors@vger.kernel.org \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.