diff options
| author | Patrick McHardy <kaber@trash.net> | 2008-03-10 19:44:13 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2008-03-10 19:44:13 -0400 |
| commit | b7047a1c886386b10a103b4fea26678db8b57832 (patch) | |
| tree | 7bc7d14b5a71470f774f190d7809cca45e8bef8f | |
| parent | 019f692ea719a2da17606511d2648b8cc1762268 (diff) | |
[NETFILTER]: nfnetlink_log: fix EPERM when binding/unbinding and instance 0 exists
When binding or unbinding to an address family, the res_id is usually set
to zero. When logging instance 0 already exists and is owned by a different
process, this makes nfunl_recv_config return -EPERM without performing
the bind operation.
Since no operation on the foreign logging instance itself was requested,
this is incorrect. Move bind/unbind commands before the queue instance
permissions checks.
Also remove an incorrect comment.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | net/netfilter/nfnetlink_log.c | 30 |
1 files changed, 16 insertions, 14 deletions
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c index c6802c0d6ed8..bf3f19b21fe4 100644 --- a/net/netfilter/nfnetlink_log.c +++ b/net/netfilter/nfnetlink_log.c | |||
| @@ -702,20 +702,30 @@ nfulnl_recv_config(struct sock *ctnl, struct sk_buff *skb, | |||
| 702 | struct nfgenmsg *nfmsg = NLMSG_DATA(nlh); | 702 | struct nfgenmsg *nfmsg = NLMSG_DATA(nlh); |
| 703 | u_int16_t group_num = ntohs(nfmsg->res_id); | 703 | u_int16_t group_num = ntohs(nfmsg->res_id); |
| 704 | struct nfulnl_instance *inst; | 704 | struct nfulnl_instance *inst; |
| 705 | struct nfulnl_msg_config_cmd *cmd = NULL; | ||
| 705 | int ret = 0; | 706 | int ret = 0; |
| 706 | 707 | ||
| 708 | if (nfula[NFULA_CFG_CMD]) { | ||
| 709 | u_int8_t pf = nfmsg->nfgen_family; | ||
| 710 | cmd = nla_data(nfula[NFULA_CFG_CMD]); | ||
| 711 | |||
| 712 | /* Commands without queue context */ | ||
| 713 | switch (cmd->command) { | ||
| 714 | case NFULNL_CFG_CMD_PF_BIND: | ||
| 715 | return nf_log_register(pf, &nfulnl_logger); | ||
| 716 | case NFULNL_CFG_CMD_PF_UNBIND: | ||
| 717 | nf_log_unregister_pf(pf); | ||
| 718 | return 0; | ||
| 719 | } | ||
| 720 | } | ||
| 721 | |||
| 707 | inst = instance_lookup_get(group_num); | 722 | inst = instance_lookup_get(group_num); |
| 708 | if (inst && inst->peer_pid != NETLINK_CB(skb).pid) { | 723 | if (inst && inst->peer_pid != NETLINK_CB(skb).pid) { |
| 709 | ret = -EPERM; | 724 | ret = -EPERM; |
| 710 | goto out_put; | 725 | goto out_put; |
| 711 | } | 726 | } |
| 712 | 727 | ||
| 713 | if (nfula[NFULA_CFG_CMD]) { | 728 | if (cmd != NULL) { |
| 714 | u_int8_t pf = nfmsg->nfgen_family; | ||
| 715 | struct nfulnl_msg_config_cmd *cmd; | ||
| 716 | |||
| 717 | cmd = nla_data(nfula[NFULA_CFG_CMD]); | ||
| 718 | |||
| 719 | switch (cmd->command) { | 729 | switch (cmd->command) { |
| 720 | case NFULNL_CFG_CMD_BIND: | 730 | case NFULNL_CFG_CMD_BIND: |
| 721 | if (inst) { | 731 | if (inst) { |
| @@ -738,14 +748,6 @@ nfulnl_recv_config(struct sock *ctnl, struct sk_buff *skb, | |||
| 738 | 748 | ||
| 739 | instance_destroy(inst); | 749 | instance_destroy(inst); |
| 740 | goto out; | 750 | goto out; |
| 741 | case NFULNL_CFG_CMD_PF_BIND: | ||
| 742 | ret = nf_log_register(pf, &nfulnl_logger); | ||
| 743 | break; | ||
| 744 | case NFULNL_CFG_CMD_PF_UNBIND: | ||
| 745 | /* This is a bug and a feature. We cannot unregister | ||
| 746 | * other handlers, like nfnetlink_inst can */ | ||
| 747 | nf_log_unregister_pf(pf); | ||
| 748 | break; | ||
| 749 | default: | 751 | default: |
| 750 | ret = -ENOTSUPP; | 752 | ret = -ENOTSUPP; |
| 751 | break; | 753 | break; |