Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8311731a authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller
Browse files

[NETFILTER]: ip_tables: fix table locking in ipt_do_table 



table->private might change because of ruleset changes, don't use it without
holding the lock.

Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent d205dc40

net/ipv4/netfilter/ip_tables.c

+2 −1
Original line number Diff line number Diff line
@@ -230,7 +230,7 @@ ipt_do_table(struct sk_buff **pskb, 
	const char *indev, *outdev;

	void *table_base;

	struct ipt_entry *e, *back;

	struct xt_table_info *private = table->private;

	struct xt_table_info *private;



	/* Initialization */

	ip = (*pskb)->nh.iph;
@@ -247,6 +247,7 @@ ipt_do_table(struct sk_buff **pskb, 


	read_lock_bh(&table->lock);

	IP_NF_ASSERT(table->valid_hooks & (1 << hook));

	private = table->private;

	table_base = (void *)private->entries[smp_processor_id()];

	e = get_entry(table_base, private->hook_entry[hook]);