Merge branch 'master' of git://1984.lsi.us.es/nf

Pablo Neira Ayuso says: ==================== The following patchset contains netfilter updates for your net tree, they are: * Fix missing the skb->trace reset in nf_reset, noticed by Gao Feng while using the TRACE target with several net namespaces. * Fix prefix translation in IPv6 NPT if non-multiple of 32 prefixes are used, from Matthias Schiffer. * Fix invalid nfacct objects with empty name, they are now rejected with -EINVAL, spotted by Michael Zintakis, patch from myself. * A couple of fixes for wrong return values in the error path of nfnetlink_queue and nf_conntrack, from Wei Yongjun. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2013-04-04 17:41:53 -0400
committer: David S. Miller <davem@davemloft.net> 2013-04-04 17:41:53 -0400
commit: 4f4ecd5f2a94135a8a556232aa9ddc55944d9c8f (patch)
tree: 99a4808dce728bc3b7bfe6ca6a5eae4bd6eeac99 /net
parent: 518314ffe4ab5d7ffae0607d0c56ba57e0279732 (diff)
parent: 906b1c394d0906a154fbdc904ca506bceb515756 (diff)
4 files changed, 7 insertions, 2 deletions
diff --git a/net/ipv6/netfilter/ip6t_NPT.c b/net/ipv6/netfilter/ip6t_NPT.c
index 33608c610276..cb631143721c 100644
--- a/net/ipv6/netfilter/ip6t_NPT.c
+++ b/net/ipv6/netfilter/ip6t_NPT.c
@@ -57,7 +57,7 @@ static bool ip6t_npt_map_pfx(const struct ip6t_npt_tginfo *npt,
                if (pfx_len - i >= 32)
                        mask = 0;
                else
-                        mask = htonl(~((1 << (pfx_len - i)) - 1));
+                        mask = htonl((1 << (i - pfx_len + 32)) - 1);
                idx = i / 32;
                addr->s6_addr32[idx] &= mask;
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 6bcce401fd1c..fedee3943661 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -568,6 +568,7 @@ static int __init nf_conntrack_standalone_init(void)
                register_net_sysctl(&init_net, "net", nf_ct_netfilter_table);
        if (!nf_ct_netfilter_header) {
                pr_err("nf_conntrack: can't register to sysctl.\n");
+                ret = -ENOMEM;
                goto out_sysctl;
        }
 #endif
diff --git a/net/netfilter/nfnetlink_acct.c b/net/netfilter/nfnetlink_acct.c
index 589d686f0b4c..dc3fd5d44464 100644
--- a/net/netfilter/nfnetlink_acct.c
+++ b/net/netfilter/nfnetlink_acct.c
@@ -49,6 +49,8 @@ nfnl_acct_new(struct sock *nfnl, struct sk_buff *skb,
                return -EINVAL;
        acct_name = nla_data(tb[NFACCT_NAME]);
+        if (strlen(acct_name) == 0)
+                return -EINVAL;
        list_for_each_entry(nfacct, &nfnl_acct_list, head) {
                if (strncmp(nfacct->name, acct_name, NFACCT_NAME_MAX) != 0)
diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c
index 1cb48540f86a..42680b2baa11 100644
--- a/net/netfilter/nfnetlink_queue_core.c
+++ b/net/netfilter/nfnetlink_queue_core.c
@@ -1062,8 +1062,10 @@ static int __init nfnetlink_queue_init(void)
 #ifdef CONFIG_PROC_FS
        if (!proc_create("nfnetlink_queue", 0440,
-                         proc_net_netfilter, &nfqnl_file_ops))
+                         proc_net_netfilter, &nfqnl_file_ops)) {
+                status = -ENOMEM;
                goto cleanup_subsys;
+        }
 #endif
        register_netdevice_notifier(&nfqnl_dev_notifier);
author	David S. Miller <davem@davemloft.net>	2013-04-04 17:41:53 -0400
committer	David S. Miller <davem@davemloft.net>	2013-04-04 17:41:53 -0400
commit	4f4ecd5f2a94135a8a556232aa9ddc55944d9c8f (patch)
tree	99a4808dce728bc3b7bfe6ca6a5eae4bd6eeac99 /net
parent	518314ffe4ab5d7ffae0607d0c56ba57e0279732 (diff)
parent	906b1c394d0906a154fbdc904ca506bceb515756 (diff)