[NETFILTER]: Fix rcu race in ipt_REDIRECT

Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Patrick McHardy <kaber@trash.net> 2005-09-13 16:48:58 -0400
committer: David S. Miller <davem@davemloft.net> 2005-09-13 16:48:58 -0400
commit: cd0bf2d796ebb51c346b1ed4208cdbfd86e98a61 (patch)
tree: 2ea4c92974433cbb0ebb088749d88e80380ee7cd /net/ipv4
parent: e7fa1bd93f977c03050bd6b3d13846aa43310fef (diff)
1 files changed, 10 insertions, 6 deletions
diff --git a/net/ipv4/netfilter/ipt_REDIRECT.c b/net/ipv4/netfilter/ipt_REDIRECT.c
index d2e13447678e..715cb613405c 100644
--- a/net/ipv4/netfilter/ipt_REDIRECT.c
+++ b/net/ipv4/netfilter/ipt_REDIRECT.c
@@ -88,14 +88,18 @@ redirect_target(struct sk_buff **pskb,
                newdst = htonl(0x7F000001);
        else {
                struct in_device *indev;
+                struct in_ifaddr *ifa;
-                /* Device might not have an associated in_device. */
+                newdst = 0;
-                indev = (struct in_device *)(*pskb)->dev->ip_ptr;
+                
-                if (indev == NULL || indev->ifa_list == NULL)
+                rcu_read_lock();
-                        return NF_DROP;
+                indev = __in_dev_get((*pskb)->dev);
+                if (indev && (ifa = indev->ifa_list))
+                        newdst = ifa->ifa_local;
+                rcu_read_unlock();
-                /* Grab first address on interface. */
+                if (!newdst)
-                newdst = indev->ifa_list->ifa_local;
+                        return NF_DROP;
        }
        /* Transfer from original range. */
author	Patrick McHardy <kaber@trash.net>	2005-09-13 16:48:58 -0400
committer	David S. Miller <davem@davemloft.net>	2005-09-13 16:48:58 -0400
commit	cd0bf2d796ebb51c346b1ed4208cdbfd86e98a61 (patch)
tree	2ea4c92974433cbb0ebb088749d88e80380ee7cd /net/ipv4
parent	e7fa1bd93f977c03050bd6b3d13846aa43310fef (diff)

diff --git a/net/ipv4/netfilter/ipt_REDIRECT.c b/net/ipv4/netfilter/ipt_REDIRECT.c index d2e13447678e..715cb613405c 100644 --- a/net/ipv4/netfilter/ipt_REDIRECT.c +++ b/net/ipv4/netfilter/ipt_REDIRECT.c
@@ -88,14 +88,18 @@ redirect_target(struct sk_buff **pskb,
88	newdst = htonl(0x7F000001);	88	newdst = htonl(0x7F000001);
89	else {	89	else {
90	struct in_device *indev;	90	struct in_device *indev;
		91	struct in_ifaddr *ifa;
91		92
92	/* Device might not have an associated in_device. */	93	newdst = 0;
93	indev = (struct in_device )(pskb)->dev->ip_ptr;	94
94	if (indev == NULL \|\| indev->ifa_list == NULL)	95	rcu_read_lock();
95	return NF_DROP;	96	indev = __in_dev_get((*pskb)->dev);
		97	if (indev && (ifa = indev->ifa_list))
		98	newdst = ifa->ifa_local;
		99	rcu_read_unlock();
96		100
97	/* Grab first address on interface. */	101	if (!newdst)
98	newdst = indev->ifa_list->ifa_local;	102	return NF_DROP;
99	}	103	}
100		104
101	/* Transfer from original range. */	105	/* Transfer from original range. */