mirrors/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-05-01 09:34:10 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge tag 'nf-24-07-31' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf

Browse Source 
Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for net:

Fix a possible null-ptr-deref sometimes triggered by iptables-restore at
boot time. Register iptables {ipv4,ipv6} nat table pernet in first place
to fix this issue. Patch #1 and #2 from Kuniyuki Iwashima.

netfilter pull request 24-07-31

* tag 'nf-24-07-31' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
  netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().
  netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().
====================

Link: https://patch.msgid.link/20240731213046.6194-1-pablo@netfilter.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
This commit is contained in:
Paolo Abeni
2024-08-01 12:08:28 +02:00
parent a46c68debf c22921df77
commit 2b4a32daa6
2 changed files with 19 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
net/ipv4/netfilter/iptable_nat.c
View File

@@ -145,25 +145,27 @@ static struct pernet_operations iptable_nat_net_ops = {
static int __init iptable_nat_init(void)
{
int ret = xt_register_template(&nf_nat_ipv4_table,
iptable_nat_table_init);
int ret;
/* net->gen->ptr[iptable_nat_net_id] must be allocated
* before calling iptable_nat_table_init().
*/
ret = register_pernet_subsys(&iptable_nat_net_ops);
if (ret < 0)
return ret;
ret = register_pernet_subsys(&iptable_nat_net_ops);
if (ret < 0) {
xt_unregister_template(&nf_nat_ipv4_table);
return ret;
}
ret = xt_register_template(&nf_nat_ipv4_table,
iptable_nat_table_init);
if (ret < 0)
unregister_pernet_subsys(&iptable_nat_net_ops);
return ret;
}
static void __exit iptable_nat_exit(void)
{
unregister_pernet_subsys(&iptable_nat_net_ops);
xt_unregister_template(&nf_nat_ipv4_table);
unregister_pernet_subsys(&iptable_nat_net_ops);
}
module_init(iptable_nat_init);

14
net/ipv6/netfilter/ip6table_nat.c
View File

@@ -147,23 +147,27 @@ static struct pernet_operations ip6table_nat_net_ops = {
static int __init ip6table_nat_init(void)
{
int ret = xt_register_template(&nf_nat_ipv6_table,
ip6table_nat_table_init);
int ret;
/* net->gen->ptr[ip6table_nat_net_id] must be allocated
* before calling ip6t_nat_register_lookups().
*/
ret = register_pernet_subsys(&ip6table_nat_net_ops);
if (ret < 0)
return ret;
ret = register_pernet_subsys(&ip6table_nat_net_ops);
ret = xt_register_template(&nf_nat_ipv6_table,
ip6table_nat_table_init);
if (ret)
xt_unregister_template(&nf_nat_ipv6_table);
unregister_pernet_subsys(&ip6table_nat_net_ops);
return ret;
}
static void __exit ip6table_nat_exit(void)
{
unregister_pernet_subsys(&ip6table_nat_net_ops);
xt_unregister_template(&nf_nat_ipv6_table);
unregister_pernet_subsys(&ip6table_nat_net_ops);
}
module_init(ip6table_nat_init);