diff options
author | Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> | 2006-11-27 13:26:46 -0500 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-11-28 23:59:37 -0500 |
commit | 2e47c264a2e6ea24c27b4987607222202818c1f4 (patch) | |
tree | 39d4736912e32c11cc08abaef216e30eedfbdfaf | |
parent | c537b75a3ba9f5d2569f313742cd379dff6ceb70 (diff) |
[NETFILTER]: conntrack: fix refcount leak when finding expectation
All users of __{ip,nf}_conntrack_expect_find() don't expect that
it increments the reference count of expectation.
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_core.c | 6 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_core.c | 6 |
2 files changed, 6 insertions, 6 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c index 143c4668538b..8b848aa77bfc 100644 --- a/net/ipv4/netfilter/ip_conntrack_core.c +++ b/net/ipv4/netfilter/ip_conntrack_core.c | |||
@@ -225,10 +225,8 @@ __ip_conntrack_expect_find(const struct ip_conntrack_tuple *tuple) | |||
225 | struct ip_conntrack_expect *i; | 225 | struct ip_conntrack_expect *i; |
226 | 226 | ||
227 | list_for_each_entry(i, &ip_conntrack_expect_list, list) { | 227 | list_for_each_entry(i, &ip_conntrack_expect_list, list) { |
228 | if (ip_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask)) { | 228 | if (ip_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask)) |
229 | atomic_inc(&i->use); | ||
230 | return i; | 229 | return i; |
231 | } | ||
232 | } | 230 | } |
233 | return NULL; | 231 | return NULL; |
234 | } | 232 | } |
@@ -241,6 +239,8 @@ ip_conntrack_expect_find(const struct ip_conntrack_tuple *tuple) | |||
241 | 239 | ||
242 | read_lock_bh(&ip_conntrack_lock); | 240 | read_lock_bh(&ip_conntrack_lock); |
243 | i = __ip_conntrack_expect_find(tuple); | 241 | i = __ip_conntrack_expect_find(tuple); |
242 | if (i) | ||
243 | atomic_inc(&i->use); | ||
244 | read_unlock_bh(&ip_conntrack_lock); | 244 | read_unlock_bh(&ip_conntrack_lock); |
245 | 245 | ||
246 | return i; | 246 | return i; |
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index 0f5830779b44..de0567b1f422 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c | |||
@@ -469,10 +469,8 @@ __nf_conntrack_expect_find(const struct nf_conntrack_tuple *tuple) | |||
469 | struct nf_conntrack_expect *i; | 469 | struct nf_conntrack_expect *i; |
470 | 470 | ||
471 | list_for_each_entry(i, &nf_conntrack_expect_list, list) { | 471 | list_for_each_entry(i, &nf_conntrack_expect_list, list) { |
472 | if (nf_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask)) { | 472 | if (nf_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask)) |
473 | atomic_inc(&i->use); | ||
474 | return i; | 473 | return i; |
475 | } | ||
476 | } | 474 | } |
477 | return NULL; | 475 | return NULL; |
478 | } | 476 | } |
@@ -485,6 +483,8 @@ nf_conntrack_expect_find(const struct nf_conntrack_tuple *tuple) | |||
485 | 483 | ||
486 | read_lock_bh(&nf_conntrack_lock); | 484 | read_lock_bh(&nf_conntrack_lock); |
487 | i = __nf_conntrack_expect_find(tuple); | 485 | i = __nf_conntrack_expect_find(tuple); |
486 | if (i) | ||
487 | atomic_inc(&i->use); | ||
488 | read_unlock_bh(&nf_conntrack_lock); | 488 | read_unlock_bh(&nf_conntrack_lock); |
489 | 489 | ||
490 | return i; | 490 | return i; |