netfilter: synproxy: Check oom when adding synproxy and seqadj ct extensions (4440a2ab) · Commits · e / devices / android_kernel_xiaomi_nabu

include/net/netfilter/nf_conntrack_synproxy.h

+14 −0

Original line number	Original line	Diff line number	Diff line
	@@ -27,6 +27,20 @@ static inline struct nf_conn_synproxy nfct_synproxy_ext_add(struct nf_conn ct)
	#endif		#endif
	}		}

			static inline bool nf_ct_add_synproxy(struct nf_conn *ct,
			const struct nf_conn *tmpl)
			{
			if (tmpl && nfct_synproxy(tmpl)) {
			if (!nfct_seqadj_ext_add(ct))
			return false;

			if (!nfct_synproxy_ext_add(ct))
			return false;
			}

			return true;
			}

	struct synproxy_stats {		struct synproxy_stats {
	unsigned int syn_received;		unsigned int syn_received;
	unsigned int cookie_invalid;		unsigned int cookie_invalid;

+3 −3

Original line number	Original line	Diff line number	Diff line
	@@ -1035,9 +1035,9 @@ init_conntrack(struct net net, struct nf_conn tmpl,
	if (IS_ERR(ct))		if (IS_ERR(ct))
	return (struct nf_conntrack_tuple_hash *)ct;		return (struct nf_conntrack_tuple_hash *)ct;

	if (tmpl && nfct_synproxy(tmpl)) {		if (!nf_ct_add_synproxy(ct, tmpl)) {
	nfct_seqadj_ext_add(ct);		nf_conntrack_free(ct);
	nfct_synproxy_ext_add(ct);		return ERR_PTR(-ENOMEM);
	}		}

	timeout_ext = tmpl ? nf_ct_timeout_find(tmpl) : NULL;		timeout_ext = tmpl ? nf_ct_timeout_find(tmpl) : NULL;

+2 −1

Original line number	Original line	Diff line number	Diff line
	@@ -441,7 +441,8 @@ nf_nat_setup_info(struct nf_conn *ct,
	ct->status \|= IPS_DST_NAT;		ct->status \|= IPS_DST_NAT;

	if (nfct_help(ct))		if (nfct_help(ct))
	nfct_seqadj_ext_add(ct);		if (!nfct_seqadj_ext_add(ct))
			return NF_DROP;
	}		}

	if (maniptype == NF_NAT_MANIP_SRC) {		if (maniptype == NF_NAT_MANIP_SRC) {