redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity

[NETFILTER]: ctnetlink: check for status attribute existence on conntrack creation 

Check that status flags are available in the netlink message received
to create a new conntrack.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
hifive-unleashed-5.1
Pablo Neira Ayuso 2006-11-29 02:35:31 +01:00 committed by David S. Miller
parent 1b683b5512
commit bbb3357d14
2 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
net/ipv4/netfilter/ip_conntrack_netlink.c
View File

@ -945,9 +945,11 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
ct->timeout.expires = jiffies + ct->timeout.expires * HZ;
ct->status |= IPS_CONFIRMED;
err = ctnetlink_change_status(ct, cda);
if (err < 0)
goto err;
if (cda[CTA_STATUS-1]) {
err = ctnetlink_change_status(ct, cda);
if (err < 0)
goto err;
}
if (cda[CTA_PROTOINFO-1]) {
err = ctnetlink_change_protoinfo(ct, cda);

8
net/netfilter/nf_conntrack_netlink.c
View File

@ -963,9 +963,11 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
ct->timeout.expires = jiffies + ct->timeout.expires * HZ;
ct->status |= IPS_CONFIRMED;
err = ctnetlink_change_status(ct, cda);
if (err < 0)
goto err;
if (cda[CTA_STATUS-1]) {
err = ctnetlink_change_status(ct, cda);
if (err < 0)
goto err;
}
if (cda[CTA_PROTOINFO-1]) {
err = ctnetlink_change_protoinfo(ct, cda);