commit eafbd3fde6fc5ada0d61307367e408813b04928a · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

netfilter: ipset: set match and SET target fixes

The SET target with --del-set did not work due to using wrongly
the internal dimension of --add-set instead of --del-set.
Also, the checkentries did not release the set references when
returned an error. Bugs reported by Lennert Buytenhek.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>

authored by Jozsef Kadlecsik and committed by Patrick McHardy 15 years ago eafbd3fd 0e8a835a

+16 -2

1 changed file

expand all

unified split

net

netfilter

xt_set.c

+16 -2

net/netfilter/xt_set.c

··· 81 81 if (info->match_set.u.flags[IPSET_DIM_MAX-1] != 0) { 82 82 pr_warning("Protocol error: set match dimension " 83 83 "is over the limit!\n"); 84 + ip_set_nfnl_put(info->match_set.index); 84 85 return -ERANGE; 85 86 } 86 87 ··· 136 135 if (index == IPSET_INVALID_ID) { 137 136 pr_warning("Cannot find del_set index %u as target\n", 138 137 info->del_set.index); 138 + if (info->add_set.index != IPSET_INVALID_ID) 139 + ip_set_nfnl_put(info->add_set.index); 139 140 return -ENOENT; 140 141 } 141 142 } ··· 145 142 info->del_set.u.flags[IPSET_DIM_MAX-1] != 0) { 146 143 pr_warning("Protocol error: SET target dimension " 147 144 "is over the limit!\n"); 145 + if (info->add_set.index != IPSET_INVALID_ID) 146 + ip_set_nfnl_put(info->add_set.index); 147 + if (info->del_set.index != IPSET_INVALID_ID) 148 + ip_set_nfnl_put(info->del_set.index); 148 149 return -ERANGE; 149 150 } 150 151 ··· 199 192 if (info->match_set.dim > IPSET_DIM_MAX) { 200 193 pr_warning("Protocol error: set match dimension " 201 194 "is over the limit!\n"); 195 + ip_set_nfnl_put(info->match_set.index); 202 196 return -ERANGE; 203 197 } 204 198 ··· 227 219 if (info->del_set.index != IPSET_INVALID_ID) 228 220 ip_set_del(info->del_set.index, 229 221 skb, par->family, 230 - info->add_set.dim, 222 + info->del_set.dim, 231 223 info->del_set.flags); 232 224 233 225 return XT_CONTINUE; ··· 253 245 if (index == IPSET_INVALID_ID) { 254 246 pr_warning("Cannot find del_set index %u as target\n", 255 247 info->del_set.index); 248 + if (info->add_set.index != IPSET_INVALID_ID) 249 + ip_set_nfnl_put(info->add_set.index); 256 250 return -ENOENT; 257 251 } 258 252 } 259 253 if (info->add_set.dim > IPSET_DIM_MAX || 260 - info->del_set.flags > IPSET_DIM_MAX) { 254 + info->del_set.dim > IPSET_DIM_MAX) { 261 255 pr_warning("Protocol error: SET target dimension " 262 256 "is over the limit!\n"); 257 + if (info->add_set.index != IPSET_INVALID_ID) 258 + ip_set_nfnl_put(info->add_set.index); 259 + if (info->del_set.index != IPSET_INVALID_ID) 260 + ip_set_nfnl_put(info->del_set.index); 263 261 return -ERANGE; 264 262 } 265 263