git.karo-electronics.de Git - karo-tx-linux.git/commit
NETFILTER: Fix NULL pointer dereference in nf_nat_move_storage()
author Evgeniy Polyakov <johnpol@2ka.mipt.ru>
Wed, 21 Nov 2007 12:32:56 +0000 (20:32 +0800)
committer Greg Kroah-Hartman <gregkh@suse.de>
Fri, 14 Dec 2007 17:50:50 +0000 (09:50 -0800)
commit 992a69a7fd52ea2dda4127bbcaea138d0c327c9e
tree 46c9c5ed45dd8a53ab6f09e105511c787213d336
parent 671369b670d81bbf26766e0fd723821616f76b1a

[NETFILTER]: Fix NULL pointer dereference in nf_nat_move_storage()

[ Upstream commit: 7799652557d966e49512479f4d3b9079bbc01fff ]

Reported by Chuck Ebbert as:

https://bugzilla.redhat.com/show_bug.cgi?id=259501#c14

This routine is called each time hash should be replaced, nf_conn has
extension list which contains pointers to connection tracking users
(like nat, which is right now the only such user), so when replace takes
place it should copy own extensions. Loop above checks for own
extension, but tries to move higher-layer one, which can lead to above
oops.

Signed-off-by: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
net/netfilter/nf_conntrack_extend.c