Re: [PATCH] fix mem-leak in netfilter

* Stephen Frost ([email protected]) wrote:
> * Patrick McHardy ([email protected]) wrote:
> > This is the updated patch, it changes the eviction strategy
> > to LRU and fixes a bug related to TTL handling, the TTL stored
> > in the entry should only be overwritten if the IPT_RECENT_TTL
> > flag is set.
> 
> I thought that I had convinced myself that the TTL handling was okay and
> that where it was overwritten wasn't harmful.  Oh well.

Looking at this again...  The ttl isn't copied into 'ttl' unless the
check_set has TTL turned on.  This means that the overwriting was fine,
if you accept that you can only ever match on TTL, or never match on it.
That doesn't seem right to me.  The TTL in the table should always be
kept up-to-date and the only question is if the current rule requires it
for a match or not.  This isn't a huge change, just set the local
variable always but check for if it's asked to match before calling the
lookup.  Or you could move it into an if/else block.

	Thanks,

		Stephen

Attachment: signature.asc
Description: Digital signature

