[2/6] netfilter: Fix potential crash in nft_hash walker

Message ID	1427049998-5665-3-git-send-email-pablo@netfilter.org
State	Awaiting Upstream
Delegated to:	Pablo Neira
Headers	show Return-Path: <netfilter-devel-owner@vger.kernel.org> spamassassin: 3.4.0. Clear:RC:1(127.0.0.1):SA:0(-103.2/7.5):. Processed in 1.938887 secs); 22 Mar 2015 18:42:47 -0000 From: Pablo Neira Ayuso <pablo@netfilter.org> To: netfilter-devel@vger.kernel.org Cc: davem@davemloft.net, netdev@vger.kernel.org Subject: [PATCH 2/6] netfilter: Fix potential crash in nft_hash walker Date: Sun, 22 Mar 2015 19:46:34 +0100 Message-Id: <1427049998-5665-3-git-send-email-pablo@netfilter.org> In-Reply-To: <1427049998-5665-1-git-send-email-pablo@netfilter.org> References: <1427049998-5665-1-git-send-email-pablo@netfilter.org> Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk

Message ID

1427049998-5665-3-git-send-email-pablo@netfilter.org

State

Awaiting Upstream

Delegated to:

Pablo Neira

Headers

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 2/6] netfilter: Fix potential crash in nft_hash walker
Date: Sun, 22 Mar 2015 19:46:34 +0100
Message-Id: <1427049998-5665-3-git-send-email-pablo@netfilter.org>
In-Reply-To: <1427049998-5665-1-git-send-email-pablo@netfilter.org>
References: <1427049998-5665-1-git-send-email-pablo@netfilter.org>
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk

Commit Message

Pablo Neira Ayuso March 22, 2015, 6:46 p.m. UTC

From: Herbert Xu <herbert@gondor.apana.org.au>

When we get back an EAGAIN from rhashtable_walk_next we were
treating it as a valid object which obviously doesn't work too
well.

Luckily this is hard to trigger so it seems nobody has run into
it yet.

This patch fixes it by redoing the next call when we get an EAGAIN.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nft_hash.c |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/netfilter/nft_hash.c b/net/netfilter/nft_hash.c
index c82df0a..37c15e6 100644
--- a/net/netfilter/nft_hash.c
+++ b/net/netfilter/nft_hash.c
@@ -153,6 +153,8 @@  static void nft_hash_walk(const struct nft_ctx *ctx, const struct nft_set *set,
 				iter->err = err;
 				goto out;
 			}
+
+			continue;
 		}
 
 		if (iter->count < iter->skip)

[2/6] netfilter: Fix potential crash in nft_hash walker

Commit Message

Patch