netfilter: Fix error in ipq_enqueue_packet

Submitter	Krishna Kumar
Date	May 2, 2012, 6:51 a.m.
Message ID	<20120502065150.4651.70099.sendpatchset@localhost.localdomain>
Download	mbox \| patch
Permalink	/patch/156379/
State	Superseded
Headers	show Return-Path: <netfilter-devel-owner@vger.kernel.org> Gateway: Authorized Use Only! Violators will be prosecuted for <netfilter-devel@vger.kernel.org> from <krkumar2@in.ibm.com>; Wed, 2 May 2012 12:22:29 +0530 Gateway: Authorized Use Only! Violators will be prosecuted; Wed, 2 May 2012 12:21:53 +0530 From: Krishna Kumar <krkumar2@in.ibm.com> To: kaber@trash.net Cc: netfilter-devel@vger.kernel.org, Krishna Kumar <krkumar2@in.ibm.com> Date: Wed, 02 May 2012 12:21:50 +0530 Message-Id: <20120502065150.4651.70099.sendpatchset@localhost.localdomain> Subject: [PATCH] netfilter: Fix error in ipq_enqueue_packet Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk

Comments

Krishna Kumar - May 2, 2012, 6:51 a.m.

ipq_enqueue_packet sets status=-EINVAL and calls
ipq_build_packet_message(entry, &status). This can
set status=0 while returning an skb. The next line:
	if (!peer_pid)
		goto err_out_free_nskb;
which wrongly returns success.

Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com>
---
 net/ipv4/netfilter/ip_queue.c  |    6 ++++--
 net/ipv6/netfilter/ip6_queue.c |    6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)


--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff -ruNp org/net/ipv4/netfilter/ip_queue.c new/net/ipv4/netfilter/ip_queue.c
--- org/net/ipv4/netfilter/ip_queue.c	2012-04-23 08:28:23.000000000 +0530
+++ new/net/ipv4/netfilter/ip_queue.c	2012-05-02 11:28:33.899790397 +0530
@@ -227,7 +227,7 @@  nlmsg_failure:
 static int
 ipq_enqueue_packet(struct nf_queue_entry *entry, unsigned int queuenum)
 {
-	int status = -EINVAL;
+	int status;
 	struct sk_buff *nskb;
 
 	if (copy_mode == IPQ_COPY_NONE)
@@ -239,8 +239,10 @@  ipq_enqueue_packet(struct nf_queue_entry
 
 	spin_lock_bh(&queue_lock);
 
-	if (!peer_pid)
+	if (!peer_pid) {
+		status = -EINVAL;
 		goto err_out_free_nskb;
+	}
 
 	if (queue_total >= queue_maxlen) {
 		queue_dropped++;
diff -ruNp org/net/ipv6/netfilter/ip6_queue.c new/net/ipv6/netfilter/ip6_queue.c
--- org/net/ipv6/netfilter/ip6_queue.c	2012-04-23 08:28:23.000000000 +0530
+++ new/net/ipv6/netfilter/ip6_queue.c	2012-05-02 11:30:21.199578311 +0530
@@ -227,7 +227,7 @@  nlmsg_failure:
 static int
 ipq_enqueue_packet(struct nf_queue_entry *entry, unsigned int queuenum)
 {
-	int status = -EINVAL;
+	int status;
 	struct sk_buff *nskb;
 
 	if (copy_mode == IPQ_COPY_NONE)
@@ -239,8 +239,10 @@  ipq_enqueue_packet(struct nf_queue_entry
 
 	spin_lock_bh(&queue_lock);
 
-	if (!peer_pid)
+	if (!peer_pid) {
+		status = -EINVAL;
 		goto err_out_free_nskb;
+	}
 
 	if (queue_total >= queue_maxlen) {
 		queue_dropped++;

Patchwork netfilter: Fix error in ipq_enqueue_packet

Comments

Patch