xt_hashlimit: dl_seq_stop() fix

Message ID	1269463664.2849.9.camel@edumazet-laptop
State	Not Applicable, archived
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=subject:from:to:cc:content-type:date:message-id:mime-version :x-mailer:content-transfer-encoding; b=r2Tm4SwewGbos8mxezraj+Tfq8JU2GjR2fN9iwAf16jc+QCVtybEyD5LqMS9GjKrs4 YLkD+3FdjwNUwmDmCJzSVYfqrdaEqyVfS/wpSWL9rKqvUEJcFKmDE1fcoRlRccdNIj6V lFyeJDa8GBVMHH2060rlq3Q7vzj0uCNfvWQXE= Subject: [PATCH] xt_hashlimit: dl_seq_stop() fix From: Eric Dumazet <eric.dumazet@gmail.com> To: Patrick McHardy <kaber@trash.net> Cc: David Miller <davem@davemloft.net>, netdev <netdev@vger.kernel.org>, Netfilter Development Mailinglist <netfilter-devel@vger.kernel.org> Content-Type: text/plain; charset="UTF-8" Date: Wed, 24 Mar 2010 21:47:44 +0100 Message-ID: <1269463664.2849.9.camel@edumazet-laptop> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: netdev-owner@vger.kernel.org Precedence: bulk

Message ID

1269463664.2849.9.camel@edumazet-laptop

State

Not Applicable, archived

Delegated to:

David Miller

Headers

DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=subject:from:to:cc:content-type:date:message-id:mime-version
	:x-mailer:content-transfer-encoding;
	b=r2Tm4SwewGbos8mxezraj+Tfq8JU2GjR2fN9iwAf16jc+QCVtybEyD5LqMS9GjKrs4
	YLkD+3FdjwNUwmDmCJzSVYfqrdaEqyVfS/wpSWL9rKqvUEJcFKmDE1fcoRlRccdNIj6V
	lFyeJDa8GBVMHH2060rlq3Q7vzj0uCNfvWQXE=
Subject: [PATCH] xt_hashlimit: dl_seq_stop() fix
From: Eric Dumazet <eric.dumazet@gmail.com>
To: Patrick McHardy <kaber@trash.net>
Cc: David Miller <davem@davemloft.net>, netdev <netdev@vger.kernel.org>,
	Netfilter Development Mailinglist <netfilter-devel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Date: Wed, 24 Mar 2010 21:47:44 +0100
Message-ID: <1269463664.2849.9.camel@edumazet-laptop>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Commit Message

Eric Dumazet March 24, 2010, 8:47 p.m. UTC

If dl_seq_start() memory allocation fails, we crash later in
dl_seq_stop(), trying to kfree(ERR_PTR(-ENOMEM))

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
---


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Patrick McHardy March 25, 2010, 10:01 a.m. UTC | #1

Eric Dumazet wrote:
> If dl_seq_start() memory allocation fails, we crash later in
> dl_seq_stop(), trying to kfree(ERR_PTR(-ENOMEM))

Seems pretty counter intuitive to me that ->stop is invoked after
->start returned an error.

Applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Eric Dumazet March 25, 2010, 10:07 a.m. UTC | #2

Le jeudi 25 mars 2010 à 11:01 +0100, Patrick McHardy a écrit :
> Eric Dumazet wrote:
> > If dl_seq_start() memory allocation fails, we crash later in
> > dl_seq_stop(), trying to kfree(ERR_PTR(-ENOMEM))
> 
> Seems pretty counter intuitive to me that ->stop is invoked after
> ->start returned an error.

Yes, I feel your pain :)

At least ->next is not invoked :)


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c
index 9e9c489..70d561a 100644
--- a/net/netfilter/xt_hashlimit.c
+++ b/net/netfilter/xt_hashlimit.c
@@ -879,7 +879,8 @@  static void dl_seq_stop(struct seq_file *s, void *v)
 	struct xt_hashlimit_htable *htable = s->private;
 	unsigned int *bucket = (unsigned int *)v;
 
-	kfree(bucket);
+	if (!IS_ERR(bucket))
+		kfree(bucket);
 	spin_unlock_bh(&htable->lock);
 }

xt_hashlimit: dl_seq_stop() fix

Commit Message

Comments

Patch