[patch 08/23] [PATCH] [NETFILTER] NAT: Fix module refcount dropping too far

-stable review patch.  If anyone has any objections, please let us know.
------------------

The unknown protocol is used as a fallback when a protocol isn't known.
Hence we cannot handle it failing, so don't set ".me".  It's OK, since we
only grab a reference from within the same module (iptable_nat.ko), so we
never take the module refcount from 0 to 1.

Also, remove the "protocol is NULL" test: it's never NULL.

Signed-off-by: Rusty Rusty <[email protected]>
Signed-off-by: Harald Welte <[email protected]>
Signed-off-by: Chris Wright <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
 net/ipv4/netfilter/ip_nat_core.c          |    6 ++----
 net/ipv4/netfilter/ip_nat_proto_unknown.c |    2 +-
 2 files changed, 3 insertions(+), 5 deletions(-)

--- linux-2.6.14.2.orig/net/ipv4/netfilter/ip_nat_core.c
+++ linux-2.6.14.2/net/ipv4/netfilter/ip_nat_core.c
@@ -66,10 +66,8 @@ ip_nat_proto_find_get(u_int8_t protonum)
 	 * removed until we've grabbed the reference */
 	preempt_disable();
 	p = __ip_nat_proto_find(protonum);
-	if (p) {
-		if (!try_module_get(p->me))
-			p = &ip_nat_unknown_protocol;
-	}
+	if (!try_module_get(p->me))
+		p = &ip_nat_unknown_protocol;
 	preempt_enable();
 
 	return p;
--- linux-2.6.14.2.orig/net/ipv4/netfilter/ip_nat_proto_unknown.c
+++ linux-2.6.14.2/net/ipv4/netfilter/ip_nat_proto_unknown.c
@@ -62,7 +62,7 @@ unknown_print_range(char *buffer, const 
 
 struct ip_nat_protocol ip_nat_unknown_protocol = {
 	.name			= "unknown",
-	.me			= THIS_MODULE,
+	/* .me isn't set: getting a ref to this cannot fail. */
 	.manip_pkt		= unknown_manip_pkt,
 	.in_range		= unknown_in_range,
 	.unique_tuple		= unknown_unique_tuple,

--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Prev by Date: [patch 07/23] [PATCH] [NETFILTER] PPTP helper: Fix endianness bug in GRE key / CallID NAT
• Next by Date: [patch 11/23] [PATCH] [NETFILTER] ctnetlink: check if protoinfo is present
• Previous by thread: [patch 07/23] [PATCH] [NETFILTER] PPTP helper: Fix endianness bug in GRE key / CallID NAT
• Next by thread: [patch 11/23] [PATCH] [NETFILTER] ctnetlink: check if protoinfo is present
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]