[PATCH nf] netfilter: ctnetlink: avoid null pointer dereference

Florian Westphal Mon, 11 Jun 2018 13:22:39 -0700

Dan Carpenter points out that deref occurs after NULL check, we should
re-fetch the pointer and check that instead.


Fixes: 2c205dd3981f7 ("netfilter: add struct nf_nat_hook and use it")
Reported-by: Dan Carpenter <dan.carpen...@oracle.com>
Signed-off-by: Florian Westphal <f...@strlen.de>
---
Not even compile tested, patch is vs. nf-next as nf.git doesn't
contain the problematic change yet.

diff --git a/net/netfilter/nf_conntrack_netlink.c 
b/net/netfilter/nf_conntrack_netlink.c
index 39327a42879f..20a2e37c76d1 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1446,7 +1446,8 @@ ctnetlink_parse_nat_setup(struct nf_conn *ct,
                }
                nfnl_lock(NFNL_SUBSYS_CTNETLINK);
                rcu_read_lock();
-               if (nat_hook->parse_nat_setup)
+               nat_hook = rcu_dereference(nf_nat_hook);
+               if (nat_hook)
                        return -EAGAIN;
 #endif
                return -EOPNOTSUPP;
-- 
2.17.1

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH nf] netfilter: ctnetlink: avoid null pointer dereference

Reply via email to