diff options
| author | Stephen Hemminger <shemminger@vyatta.com> | 2011-03-09 08:14:26 -0500 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2011-03-09 08:14:26 -0500 |
| commit | adb00ae2ea0ec65f9d3d06079950c0f0ade3b614 (patch) | |
| tree | 78f6cad2236a0393b74b6e9ac5b1975323cefde6 /net | |
| parent | 9846ada138accc63994b57ebdfa76e3e137729e2 (diff) | |
netfilter: x_tables: misuse of try_then_request_module
Since xt_find_match() returns ERR_PTR(xx) on error not NULL,
the macro try_then_request_module won't work correctly here.
The macro expects its first argument will be zero if condition
fails. But ERR_PTR(-ENOENT) is not zero.
The correct solution is to propagate the error value
back.
Found by inspection, and compile tested only.
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/x_tables.c | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index 0a77d2ff2154..271eed32a6a1 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c | |||
| @@ -183,7 +183,7 @@ EXPORT_SYMBOL(xt_unregister_matches); | |||
| 183 | /* | 183 | /* |
| 184 | * These are weird, but module loading must not be done with mutex | 184 | * These are weird, but module loading must not be done with mutex |
| 185 | * held (since they will register), and we have to have a single | 185 | * held (since they will register), and we have to have a single |
| 186 | * function to use try_then_request_module(). | 186 | * function to use. |
| 187 | */ | 187 | */ |
| 188 | 188 | ||
| 189 | /* Find match, grabs ref. Returns ERR_PTR() on error. */ | 189 | /* Find match, grabs ref. Returns ERR_PTR() on error. */ |
| @@ -221,9 +221,13 @@ xt_request_find_match(uint8_t nfproto, const char *name, uint8_t revision) | |||
| 221 | { | 221 | { |
| 222 | struct xt_match *match; | 222 | struct xt_match *match; |
| 223 | 223 | ||
| 224 | match = try_then_request_module(xt_find_match(nfproto, name, revision), | 224 | match = xt_find_match(nfproto, name, revision); |
| 225 | "%st_%s", xt_prefix[nfproto], name); | 225 | if (IS_ERR(match)) { |
| 226 | return (match != NULL) ? match : ERR_PTR(-ENOENT); | 226 | request_module("%st_%s", xt_prefix[nfproto], name); |
| 227 | match = xt_find_match(nfproto, name, revision); | ||
| 228 | } | ||
| 229 | |||
| 230 | return match; | ||
| 227 | } | 231 | } |
| 228 | EXPORT_SYMBOL_GPL(xt_request_find_match); | 232 | EXPORT_SYMBOL_GPL(xt_request_find_match); |
| 229 | 233 | ||
| @@ -261,9 +265,13 @@ struct xt_target *xt_request_find_target(u8 af, const char *name, u8 revision) | |||
| 261 | { | 265 | { |
| 262 | struct xt_target *target; | 266 | struct xt_target *target; |
| 263 | 267 | ||
| 264 | target = try_then_request_module(xt_find_target(af, name, revision), | 268 | target = xt_find_target(af, name, revision); |
| 265 | "%st_%s", xt_prefix[af], name); | 269 | if (IS_ERR(target)) { |
| 266 | return (target != NULL) ? target : ERR_PTR(-ENOENT); | 270 | request_module("%st_%s", xt_prefix[af], name); |
| 271 | target = xt_find_target(af, name, revision); | ||
| 272 | } | ||
| 273 | |||
| 274 | return target; | ||
| 267 | } | 275 | } |
| 268 | EXPORT_SYMBOL_GPL(xt_request_find_target); | 276 | EXPORT_SYMBOL_GPL(xt_request_find_target); |
| 269 | 277 | ||