diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2015-06-19 18:23:37 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-07-02 09:03:13 -0400 |
| commit | f307170d6e591a48529425b1ed6ca835790995a9 (patch) | |
| tree | a067197638084b8853d59ed6af1f0c5209f5ad9a | |
| parent | 4da3064d1775810f10f7ddc1c34c3f1ff502a654 (diff) | |
netfilter: nf_queue: Don't recompute the hook_list head
If someone sends packets from one of the netdevice ingress hooks to
the a userspace queue, and then userspace later accepts the packet,
the netfilter code can enter an infinite loop as the list head will
never be found.
Pass in the saved list_head to avoid this.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | net/netfilter/nf_queue.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c index cd60d397fe05..8a8b2abc35ff 100644 --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c | |||
| @@ -213,7 +213,7 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) | |||
| 213 | 213 | ||
| 214 | if (verdict == NF_ACCEPT) { | 214 | if (verdict == NF_ACCEPT) { |
| 215 | next_hook: | 215 | next_hook: |
| 216 | verdict = nf_iterate(&nf_hooks[entry->state.pf][entry->state.hook], | 216 | verdict = nf_iterate(entry->state.hook_list, |
| 217 | skb, &entry->state, &elem); | 217 | skb, &entry->state, &elem); |
| 218 | } | 218 | } |
| 219 | 219 | ||