linux/net/ipv4/netfilter
Dmitry Mishin 4c1b52bc7a [NETFILTER]: ip_tables: fix compat related crash
check_compat_entry_size_and_hooks iterates over the matches and calls
compat_check_calc_match, which loads the match and calculates the
compat offsets, but unlike the non-compat version, doesn't call
->checkentry yet. On error however it calls cleanup_matches, which in
turn calls ->destroy, which can result in crashes if the destroy
function (validly) expects to only get called after the checkentry
function.

Add a compat_release_match function that only drops the module reference
on error and rename compat_check_calc_match to compat_find_calc_match to
reflect the fact that it doesn't call the checkentry function.

Reported by Jan Engelhardt <jengelh@linux01.gwdg.de>

Signed-off-by: Dmitry Mishin <dim@openvz.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-06-07 13:40:32 -07:00
..
arp_tables.c [SK_BUFF]: Introduce arp_hdr(), remove skb->nh.arph 2007-04-25 22:25:12 -07:00
arpt_mangle.c [SK_BUFF]: Convert skb->tail to sk_buff_data_t 2007-04-25 22:26:28 -07:00
arptable_filter.c [NETFILTER]: Clean up table initialization 2007-05-10 23:47:43 -07:00
ip_queue.c [NETLINK]: Switch cb_lock spinlock to mutex and allow to override it 2007-04-25 22:29:03 -07:00
ip_tables.c [NETFILTER]: ip_tables: fix compat related crash 2007-06-07 13:40:32 -07:00
ipt_addrtype.c [SK_BUFF]: Introduce ip_hdr(), remove skb->nh.iph 2007-04-25 22:25:10 -07:00
ipt_ah.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ipt_CLUSTERIP.c [NETFILTER]: Remove IPv4 only connection tracking/NAT 2007-04-25 22:25:34 -07:00
ipt_ecn.c [NETFILTER]: Remove changelogs and CVS IDs 2007-04-25 22:27:35 -07:00
ipt_ECN.c [NETFILTER]: Remove changelogs and CVS IDs 2007-04-25 22:27:35 -07:00
ipt_iprange.c [SK_BUFF]: Introduce ip_hdr(), remove skb->nh.iph 2007-04-25 22:25:10 -07:00
ipt_LOG.c [NETFILTER]: {eb,ip6,ip}t_LOG: remove remains of LOG target overloading 2007-04-25 22:29:00 -07:00
ipt_MASQUERADE.c [NETFILTER]: Remove IPv4 only connection tracking/NAT 2007-04-25 22:25:34 -07:00
ipt_NETMAP.c [NETFILTER]: Remove IPv4 only connection tracking/NAT 2007-04-25 22:25:34 -07:00
ipt_owner.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ipt_recent.c [SK_BUFF]: Introduce ip_hdr(), remove skb->nh.iph 2007-04-25 22:25:10 -07:00
ipt_REDIRECT.c [NETFILTER]: Remove IPv4 only connection tracking/NAT 2007-04-25 22:25:34 -07:00
ipt_REJECT.c [NETFILTER]: Remove changelogs and CVS IDs 2007-04-25 22:27:35 -07:00
ipt_SAME.c [NETFILTER]: Remove changelogs and CVS IDs 2007-04-25 22:27:35 -07:00
ipt_tos.c [SK_BUFF]: Introduce ip_hdr(), remove skb->nh.iph 2007-04-25 22:25:10 -07:00
ipt_TOS.c [SK_BUFF]: Introduce ip_hdr(), remove skb->nh.iph 2007-04-25 22:25:10 -07:00
ipt_ttl.c [NETFILTER]: Remove changelogs and CVS IDs 2007-04-25 22:27:35 -07:00
ipt_TTL.c [SK_BUFF]: Introduce ip_hdr(), remove skb->nh.iph 2007-04-25 22:25:10 -07:00
ipt_ULOG.c [NETLINK]: Switch cb_lock spinlock to mutex and allow to override it 2007-04-25 22:29:03 -07:00
iptable_filter.c [NETFILTER]: iptable_{filter,mangle}: more descriptive "happy cracking" message 2007-05-10 23:47:59 -07:00
iptable_mangle.c [NETFILTER]: iptable_{filter,mangle}: more descriptive "happy cracking" message 2007-05-10 23:47:59 -07:00
iptable_raw.c [NETFILTER]: iptable_raw: ignore short packets sent by SOCK_RAW sockets 2007-05-10 23:47:59 -07:00
Kconfig [NETFILTER]: Remove IPv4 only connection tracking/NAT 2007-04-25 22:25:34 -07:00
Makefile [NETFILTER]: Remove IPv4 only connection tracking/NAT 2007-04-25 22:25:34 -07:00
nf_conntrack_l3proto_ipv4_compat.c [PATCH] mark struct file_operations const 7 2007-02-12 09:48:46 -08:00
nf_conntrack_l3proto_ipv4.c [NETFILTER]: nf_conntrack: fix helper module unload races 2007-06-07 13:40:26 -07:00
nf_conntrack_proto_icmp.c [NETFILTER]: Remove changelogs and CVS IDs 2007-04-25 22:27:35 -07:00
nf_nat_amanda.c [NETFILTER]: nf_conntrack/nf_nat: add amanda helper port 2006-12-02 22:08:26 -08:00
nf_nat_core.c [IP]: Introduce ip_hdrlen() 2007-04-25 22:25:07 -07:00
nf_nat_ftp.c [NETFILTER]: nf_conntrack_ftp: fix newline sequence number calculation 2007-05-24 16:41:50 -07:00
nf_nat_h323.c [NETFILTER]: nf_nat_h323: call set_h225_addr instead of set_h225_addr_hook 2007-05-24 16:44:40 -07:00
nf_nat_helper.c [NETFILTER]: nf_nat: use HW checksumming when possible 2007-04-25 22:28:59 -07:00
nf_nat_irc.c [NETFILTER]: nf_conntrack/nf_nat: add IRC helper port 2006-12-02 22:09:06 -08:00
nf_nat_pptp.c [NETFILTER]: Remove IPv4 only connection tracking/NAT 2007-04-25 22:25:34 -07:00
nf_nat_proto_gre.c [NETFILTER]: nf_nat_proto_gre: do not modify/corrupt GREv0 packets through NAT 2007-05-03 03:34:42 -07:00
nf_nat_proto_icmp.c [NETFILTER]: nf_conntrack/nf_nat: fix incorrect config ifdefs 2007-03-05 13:25:19 -08:00
nf_nat_proto_tcp.c [NETFILTER]: nf_conntrack/nf_nat: fix incorrect config ifdefs 2007-03-05 13:25:19 -08:00
nf_nat_proto_udp.c [NETFILTER]: nf_conntrack/nf_nat: fix incorrect config ifdefs 2007-03-05 13:25:19 -08:00
nf_nat_proto_unknown.c [NETFILTER]: Add NAT support for nf_conntrack 2006-12-02 22:07:13 -08:00
nf_nat_rule.c [NETFILTER]: nf_nat: remove unused argument of function allocating binding 2007-05-10 23:47:44 -07:00
nf_nat_sip.c [NETFILTER]: sip: Fix RTP address NAT 2007-05-03 03:35:31 -07:00
nf_nat_snmp_basic.c [NETFILTER]: Remove changelogs and CVS IDs 2007-04-25 22:27:35 -07:00
nf_nat_standalone.c [NETFILTER]: nf_nat: remove unused argument of function allocating binding 2007-05-10 23:47:44 -07:00
nf_nat_tftp.c [NETFILTER]: nf_conntrack/nf_nat: add TFTP helper port 2006-12-02 22:10:18 -08:00