4 files changed, 14 insertions, 12 deletions
diff --git a/net/ipv4/netfilter/arpt_mangle.c b/net/ipv4/netfilter/arpt_mangle.c
index b8ddcc480ed9..a5e52a9f0a12 100644
--- a/net/ipv4/netfilter/arpt_mangle.c
+++ b/net/ipv4/netfilter/arpt_mangle.c
@@ -60,12 +60,12 @@ static int checkentry(const struct xt_tgchk_param *par)
        if (mangle->flags & ~ARPT_MANGLE_MASK ||
            !(mangle->flags & ARPT_MANGLE_MASK))
-                return false;
+                return -EINVAL;
        if (mangle->target != NF_DROP && mangle->target != NF_ACCEPT &&
           mangle->target != XT_CONTINUE)
-                return false;
+                return -EINVAL;
-        return true;
+        return 0;
 }
 static struct xt_target arpt_mangle_reg __read_mostly = {
diff --git a/net/netfilter/nf_conntrack_ecache.c b/net/netfilter/nf_conntrack_ecache.c
index 5702de35e2bb..63a1b915a7e4 100644
--- a/net/netfilter/nf_conntrack_ecache.c
+++ b/net/netfilter/nf_conntrack_ecache.c
@@ -63,6 +63,9 @@ void nf_ct_deliver_cached_events(struct nf_conn *ct)
                 * this does not harm and it happens very rarely. */
                unsigned long missed = e->missed;
+                if (!((events | missed) & e->ctmask))
+                        goto out_unlock;
                ret = notify->fcn(events | missed, &item);
                if (unlikely(ret < 0 || missed)) {
                        spin_lock_bh(&ct->lock);
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 93297aaceb2b..eead9db6f899 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -667,6 +667,7 @@ restart:
                        if (ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).pid,
                                                cb->nlh->nlmsg_seq,
                                                IPCTNL_MSG_CT_NEW, ct) < 0) {
+                                nf_conntrack_get(&ct->ct_general);
                                cb->args[1] = (unsigned long)ct;
                                goto out;
                        }
diff --git a/net/netfilter/xt_iprange.c b/net/netfilter/xt_iprange.c
index 88f7c3511c72..73c33a42f87f 100644
--- a/net/netfilter/xt_iprange.c
+++ b/net/netfilter/xt_iprange.c
@@ -53,15 +53,13 @@ iprange_mt4(const struct sk_buff *skb, struct xt_action_param *par)
 }
 static inline int
-iprange_ipv6_sub(const struct in6_addr *a, const struct in6_addr *b)
+iprange_ipv6_lt(const struct in6_addr *a, const struct in6_addr *b)
 {
        unsigned int i;
-        int r;
        for (i = 0; i < 4; ++i) {
-                r = ntohl(a->s6_addr32[i]) - ntohl(b->s6_addr32[i]);
+                if (a->s6_addr32[i] != b->s6_addr32[i])
-                if (r != 0)
+                        return ntohl(a->s6_addr32[i]) < ntohl(b->s6_addr32[i]);
-                        return r;
        }
        return 0;
@@ -75,15 +73,15 @@ iprange_mt6(const struct sk_buff *skb, struct xt_action_param *par)
        bool m;
        if (info->flags & IPRANGE_SRC) {
-                m  = iprange_ipv6_sub(&iph->saddr, &info->src_min.in6) < 0;
+                m  = iprange_ipv6_lt(&iph->saddr, &info->src_min.in6);
-                m |= iprange_ipv6_sub(&iph->saddr, &info->src_max.in6) > 0;
+                m |= iprange_ipv6_lt(&info->src_max.in6, &iph->saddr);
                m ^= !!(info->flags & IPRANGE_SRC_INV);
                if (m)
                        return false;
        }
        if (info->flags & IPRANGE_DST) {
-                m  = iprange_ipv6_sub(&iph->daddr, &info->dst_min.in6) < 0;
+                m  = iprange_ipv6_lt(&iph->daddr, &info->dst_min.in6);
-                m |= iprange_ipv6_sub(&iph->daddr, &info->dst_max.in6) > 0;
+                m |= iprange_ipv6_lt(&info->dst_max.in6, &iph->daddr);
                m ^= !!(info->flags & IPRANGE_DST_INV);
                if (m)
                        return false;