Commit 99e25d071fca91eb90ffa2f51240547a69137bde
1 parent
a874752a10
netfilter: cttimeout: ctnl_timeout_find_get() returns incorrect pointer to type
Compiler did not catch incorrect typing in the rcu hook assignment. % nfct add timeout test-tcp inet tcp established 100 close 10 close_wait 10 % iptables -I OUTPUT -t raw -p tcp -j CT --timeout test-tcp dmesg - xt_CT: Timeout policy `test-tcp' can only be used by L3 protocol number 25000 The CT target bails out with incorrect layer 3 protocol number. Fixes: 6c1fd7dc489d ("netfilter: cttimeout: decouple timeout policy from nfnetlink_cttimeout object") Reported-by: Harsha Sharma <harshasharmaiitr@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Showing 1 changed file with 3 additions and 3 deletions Side-by-side Diff
net/netfilter/nfnetlink_cttimeout.c
| ... | ... | @@ -489,8 +489,8 @@ |
| 489 | 489 | return err; |
| 490 | 490 | } |
| 491 | 491 | |
| 492 | -static struct ctnl_timeout * | |
| 493 | -ctnl_timeout_find_get(struct net *net, const char *name) | |
| 492 | +static struct nf_ct_timeout *ctnl_timeout_find_get(struct net *net, | |
| 493 | + const char *name) | |
| 494 | 494 | { |
| 495 | 495 | struct ctnl_timeout *timeout, *matching = NULL; |
| 496 | 496 | |
| ... | ... | @@ -509,7 +509,7 @@ |
| 509 | 509 | break; |
| 510 | 510 | } |
| 511 | 511 | err: |
| 512 | - return matching; | |
| 512 | + return matching ? &matching->timeout : NULL; | |
| 513 | 513 | } |
| 514 | 514 | |
| 515 | 515 | static void ctnl_timeout_put(struct nf_ct_timeout *t) |