Message ID | 1491127293-11235-1-git-send-email-zlpnobody@163.com |
---|---|
State | Accepted |
Delegated to: | Pablo Neira |
On Sun, Apr 02, 2017 at 06:01:33PM +0800, Liping Zhang wrote:
> From: Liping Zhang <zlpnobody@gmail.com>
>
> For IPCTNL_MSG_EXP_GET, if the CTA_EXPECT_MASTER attr is specified, then
> the NLM_F_DUMP request will dump the expectations related to this
> connection tracking.
>
> But we forget to check whether the conntrack has nf_conn_help or not,
> so if nfct_help(ct) is NULL, oops will happen:
>
> BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
> IP: ctnetlink_exp_ct_dump_table+0xf9/0x1e0 [nf_conntrack_netlink]
> Call Trace:
> ? ctnetlink_exp_ct_dump_table+0x75/0x1e0 [nf_conntrack_netlink]
> netlink_dump+0x124/0x2a0
> __netlink_dump_start+0x161/0x190
> ctnetlink_dump_exp_ct+0x16c/0x1bc [nf_conntrack_netlink]
> ? ctnetlink_exp_fill_info.constprop.33+0xf0/0xf0 [nf_conntrack_netlink]
> ? ctnetlink_glue_seqadj+0x20/0x20 [nf_conntrack_netlink]
> ctnetlink_get_expect+0x32e/0x370 [nf_conntrack_netlink]
> ? debug_lockdep_rcu_enabled+0x1d/0x20
> nfnetlink_rcv_msg+0x60a/0x6a9 [nfnetlink]
> ? nfnetlink_rcv_msg+0x1b9/0x6a9 [nfnetlink]
> [...]

Applied, thanks.
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index f776314..1bb2f27 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -2783,6 +2783,12 @@ static int ctnetlink_dump_exp_ct(struct net *net, struct sock *ctnl, return -ENOENT; ct = nf_ct_tuplehash_to_ctrack(h); + /* No expectation linked to this connection tracking. */ + if (!nfct_help(ct)) { + nf_ct_put(ct); + return 0; + } + c.data = ct; err = netlink_dump_start(ctnl, skb, nlh, &c);
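Review bot: the early `return 0` in ctnetlink_dump_exp_ct() sits before netlink_dump_start(), so for a conntrack without nf_conn_help no dump is started at all, while the lookup-failure branch just above it returns -ENOENT. The comment should state that success with an empty result is the intended answer for this case, and it is worth confirming that a requester that sent NLM_F_DUMP and waits for the end of the dump still receives a reply on this path. The nf_ct_put(ct) before the return keeps the reference on ct balanced, which is right. Because the trace in the commit message faults inside ctnetlink_exp_ct_dump_table(), a short remark on why checking nfct_help(ct) once at dump start is sufficient for that callback would help future readers.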