Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c359c415 authored by Dan Carpenter's avatar Dan Carpenter Committed by Pablo Neira Ayuso
Browse files

netfilter: nft_compat: use _safe version of list_for_each 



We need to use the _safe version of list_for_each_entry() here otherwise
we have a use after free bug.

Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent ca0e8bd6

net/netfilter/nft_compat.c

+4 −4
Original line number Diff line number Diff line
@@ -634,9 +634,9 @@ nft_match_select_ops(const struct nft_ctx *ctx, 


static void nft_match_release(void)

{

	struct nft_xt *nft_match;

	struct nft_xt *nft_match, *tmp;



	list_for_each_entry(nft_match, &nft_match_list, head)

	list_for_each_entry_safe(nft_match, tmp, &nft_match_list, head)

		kfree(nft_match);

}
@@ -705,9 +705,9 @@ nft_target_select_ops(const struct nft_ctx *ctx, 


static void nft_target_release(void)

{

	struct nft_xt *nft_target;

	struct nft_xt *nft_target, *tmp;



	list_for_each_entry(nft_target, &nft_target_list, head)

	list_for_each_entry_safe(nft_target, tmp, &nft_target_list, head)

		kfree(nft_target);

}