Message ID | 1497365189-130373-1-git-send-email-dlu998@gmail.com |
---|---|
State | Accepted |
Headers | show |
On 06/13/2017 07:46 AM, Darrell Ball wrote: > Un-nat conns have no nat_info as do default conns. > However, un-nat conns are originally templated from the > corresponding default conns and therefore need to > have their nat_info explicitly nulled. This > otherwise exposes a double free if conntrack_destroy() > were to be used to destroy the connection tracker. This > would apply to cleaning the datapath after testing. > > Fixes: 286de2729955 ("dpdk: Userspace Datapath: Introduce NAT Support.") > Signed-off-by: Darrell Ball <dlu998@gmail.com> > --- > lib/conntrack.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/lib/conntrack.c b/lib/conntrack.c > index 146edd7..90b154a 100644 > --- a/lib/conntrack.c > +++ b/lib/conntrack.c > @@ -573,6 +573,7 @@ conn_not_found(struct conntrack *ct, struct dp_packet *pkt, > nc->conn_type == CT_CONN_TYPE_DEFAULT) { > *nc = *conn_for_un_nat_copy; > conn_for_un_nat_copy->conn_type = CT_CONN_TYPE_UN_NAT; > + conn_for_un_nat_copy->nat_info = NULL; > } > ct_rwlock_unlock(&ct->nat_resources_lock); > > I don't have a way to test this right at the moment but it's pretty simple and looks good to me. Thanks Darrell! Acked-by: Greg Rose <gvrose8192@gmail.com>
On Tue, Jun 13, 2017 at 11:20:54AM -0700, Greg Rose wrote: > On 06/13/2017 07:46 AM, Darrell Ball wrote: > >Un-nat conns have no nat_info as do default conns. > >However, un-nat conns are originally templated from the > >corresponding default conns and therefore need to > >have their nat_info explicitly nulled. This > >otherwise exposes a double free if conntrack_destroy() > >were to be used to destroy the connection tracker. This > >would apply to cleaning the datapath after testing. > > > >Fixes: 286de2729955 ("dpdk: Userspace Datapath: Introduce NAT Support.") > >Signed-off-by: Darrell Ball <dlu998@gmail.com> > >--- > > lib/conntrack.c | 1 + > > 1 file changed, 1 insertion(+) > > > >diff --git a/lib/conntrack.c b/lib/conntrack.c > >index 146edd7..90b154a 100644 > >--- a/lib/conntrack.c > >+++ b/lib/conntrack.c > >@@ -573,6 +573,7 @@ conn_not_found(struct conntrack *ct, struct dp_packet *pkt, > > nc->conn_type == CT_CONN_TYPE_DEFAULT) { > > *nc = *conn_for_un_nat_copy; > > conn_for_un_nat_copy->conn_type = CT_CONN_TYPE_UN_NAT; > >+ conn_for_un_nat_copy->nat_info = NULL; > > } > > ct_rwlock_unlock(&ct->nat_resources_lock); > > > > > I don't have a way to test this right at the moment but it's pretty simple and looks good to me. > > Thanks Darrell! > > Acked-by: Greg Rose <gvrose8192@gmail.com> Thanks Darrell and Greg, I applied this to master.
diff --git a/lib/conntrack.c b/lib/conntrack.c index 146edd7..90b154a 100644 --- a/lib/conntrack.c +++ b/lib/conntrack.c @@ -573,6 +573,7 @@ conn_not_found(struct conntrack *ct, struct dp_packet *pkt, nc->conn_type == CT_CONN_TYPE_DEFAULT) { *nc = *conn_for_un_nat_copy; conn_for_un_nat_copy->conn_type = CT_CONN_TYPE_UN_NAT; + conn_for_un_nat_copy->nat_info = NULL; } ct_rwlock_unlock(&ct->nat_resources_lock);
Un-nat conns have no nat_info as do default conns. However, un-nat conns are originally templated from the corresponding default conns and therefore need to have their nat_info explicitly nulled. This otherwise exposes a double free if conntrack_destroy() were to be used to destroy the connection tracker. This would apply to cleaning the datapath after testing. Fixes: 286de2729955 ("dpdk: Userspace Datapath: Introduce NAT Support.") Signed-off-by: Darrell Ball <dlu998@gmail.com> --- lib/conntrack.c | 1 + 1 file changed, 1 insertion(+)