Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 266c8543 authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller
Browse files

[NETFILTER]: Fix unbalanced read_unlock_bh in ctnetlink 



NFA_NEST calls NFA_PUT which jumps to nfattr_failure if the skb has no
room left. We call read_unlock_bh at nfattr_failure for the NFA_PUT inside
the locked section, so move NFA_NEST inside the locked section too.

Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 6636568c

net/ipv4/netfilter/ip_conntrack_proto_tcp.c

+2 −1
Original line number Diff line number Diff line
@@ -341,9 +341,10 @@ static int tcp_print_conntrack(struct seq_file *s, 
static int tcp_to_nfattr(struct sk_buff *skb, struct nfattr *nfa,

			 const struct ip_conntrack *ct)

{

	struct nfattr *nest_parms = NFA_NEST(skb, CTA_PROTOINFO_TCP);

	struct nfattr *nest_parms;

	

	read_lock_bh(&tcp_lock);

	nest_parms = NFA_NEST(skb, CTA_PROTOINFO_TCP);

	NFA_PUT(skb, CTA_PROTOINFO_TCP_STATE, sizeof(u_int8_t),

		&ct->proto.tcp.state);

	read_unlock_bh(&tcp_lock);