diff options
| author | Hans Schillstrom <hans@schillstrom.com> | 2013-05-14 21:23:45 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-05-15 08:11:07 -0400 |
| commit | 8cdb46da06ea94543a3b2e53e3e92736421d1093 (patch) | |
| tree | 2f3d5703ee736daf10a3556c5c80f6bcca8731b8 /net/ipv4 | |
| parent | 42010ed0c669aeb1c5b015f5edf590c73919380c (diff) | |
netfilter: log: netns NULL ptr bug when calling from conntrack
Since (69b34fb netfilter: xt_LOG: add net namespace support
for xt_LOG), we hit this:
[ 4224.708977] BUG: unable to handle kernel NULL pointer dereference at 0000000000000388
[ 4224.709074] IP: [<ffffffff8147f699>] ipt_log_packet+0x29/0x270
when callling log functions from conntrack both in and out
are NULL i.e. the net pointer is invalid.
Adding struct net *net in call to nf_logfn() will secure that
there always is a vaild net ptr.
Reported as netfilter's bugzilla bug 818:
https://bugzilla.netfilter.org/show_bug.cgi?id=818
Reported-by: Ronald <ronald645@gmail.com>
Signed-off-by: Hans Schillstrom <hans@schillstrom.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/netfilter/ipt_ULOG.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c index f8a222cb6448..cf08218ddbcf 100644 --- a/net/ipv4/netfilter/ipt_ULOG.c +++ b/net/ipv4/netfilter/ipt_ULOG.c | |||
| @@ -162,7 +162,8 @@ static struct sk_buff *ulog_alloc_skb(unsigned int size) | |||
| 162 | return skb; | 162 | return skb; |
| 163 | } | 163 | } |
| 164 | 164 | ||
| 165 | static void ipt_ulog_packet(unsigned int hooknum, | 165 | static void ipt_ulog_packet(struct net *net, |
| 166 | unsigned int hooknum, | ||
| 166 | const struct sk_buff *skb, | 167 | const struct sk_buff *skb, |
| 167 | const struct net_device *in, | 168 | const struct net_device *in, |
| 168 | const struct net_device *out, | 169 | const struct net_device *out, |
| @@ -174,7 +175,6 @@ static void ipt_ulog_packet(unsigned int hooknum, | |||
| 174 | size_t size, copy_len; | 175 | size_t size, copy_len; |
| 175 | struct nlmsghdr *nlh; | 176 | struct nlmsghdr *nlh; |
| 176 | struct timeval tv; | 177 | struct timeval tv; |
| 177 | struct net *net = dev_net(in ? in : out); | ||
| 178 | struct ulog_net *ulog = ulog_pernet(net); | 178 | struct ulog_net *ulog = ulog_pernet(net); |
| 179 | 179 | ||
| 180 | /* ffs == find first bit set, necessary because userspace | 180 | /* ffs == find first bit set, necessary because userspace |
| @@ -291,12 +291,15 @@ alloc_failure: | |||
| 291 | static unsigned int | 291 | static unsigned int |
| 292 | ulog_tg(struct sk_buff *skb, const struct xt_action_param *par) | 292 | ulog_tg(struct sk_buff *skb, const struct xt_action_param *par) |
| 293 | { | 293 | { |
| 294 | ipt_ulog_packet(par->hooknum, skb, par->in, par->out, | 294 | struct net *net = dev_net(par->in ? par->in : par->out); |
| 295 | |||
| 296 | ipt_ulog_packet(net, par->hooknum, skb, par->in, par->out, | ||
| 295 | par->targinfo, NULL); | 297 | par->targinfo, NULL); |
| 296 | return XT_CONTINUE; | 298 | return XT_CONTINUE; |
| 297 | } | 299 | } |
| 298 | 300 | ||
| 299 | static void ipt_logfn(u_int8_t pf, | 301 | static void ipt_logfn(struct net *net, |
| 302 | u_int8_t pf, | ||
| 300 | unsigned int hooknum, | 303 | unsigned int hooknum, |
| 301 | const struct sk_buff *skb, | 304 | const struct sk_buff *skb, |
| 302 | const struct net_device *in, | 305 | const struct net_device *in, |
| @@ -318,7 +321,7 @@ static void ipt_logfn(u_int8_t pf, | |||
| 318 | strlcpy(loginfo.prefix, prefix, sizeof(loginfo.prefix)); | 321 | strlcpy(loginfo.prefix, prefix, sizeof(loginfo.prefix)); |
| 319 | } | 322 | } |
| 320 | 323 | ||
| 321 | ipt_ulog_packet(hooknum, skb, in, out, &loginfo, prefix); | 324 | ipt_ulog_packet(net, hooknum, skb, in, out, &loginfo, prefix); |
| 322 | } | 325 | } |
| 323 | 326 | ||
| 324 | static int ulog_tg_check(const struct xt_tgchk_param *par) | 327 | static int ulog_tg_check(const struct xt_tgchk_param *par) |