未验证 提交 5a1a48ed 编写于 作者: O openeuler-ci-bot 提交者: Gitee

!1435 fix CVE-2023-3117

Merge Pull Request from: @LiuYongQiang0816 
 
3 patches from Lu Wei 
 
Link: https://gitee.com/openeuler/kernel/pulls/1435 

Reviewed-by: Yue Haibing <yuehaibing@huawei.com> 
Signed-off-by: Zhang Changzhong <zhangchangzhong@huawei.com> 
...@@ -733,6 +733,7 @@ struct nft_expr_type { ...@@ -733,6 +733,7 @@ struct nft_expr_type {
enum nft_trans_phase { enum nft_trans_phase {
NFT_TRANS_PREPARE, NFT_TRANS_PREPARE,
NFT_TRANS_PREPARE_ERROR,
NFT_TRANS_ABORT, NFT_TRANS_ABORT,
NFT_TRANS_COMMIT, NFT_TRANS_COMMIT,
NFT_TRANS_RELEASE NFT_TRANS_RELEASE
......
...@@ -115,7 +115,8 @@ static void nft_trans_destroy(struct nft_trans *trans) ...@@ -115,7 +115,8 @@ static void nft_trans_destroy(struct nft_trans *trans)
kfree(trans); kfree(trans);
} }
static void nft_set_trans_bind(const struct nft_ctx *ctx, struct nft_set *set) static void __nft_set_trans_bind(const struct nft_ctx *ctx, struct nft_set *set,
bool bind)
{ {
struct net *net = ctx->net; struct net *net = ctx->net;
struct nft_trans *trans; struct nft_trans *trans;
...@@ -127,16 +128,26 @@ static void nft_set_trans_bind(const struct nft_ctx *ctx, struct nft_set *set) ...@@ -127,16 +128,26 @@ static void nft_set_trans_bind(const struct nft_ctx *ctx, struct nft_set *set)
switch (trans->msg_type) { switch (trans->msg_type) {
case NFT_MSG_NEWSET: case NFT_MSG_NEWSET:
if (nft_trans_set(trans) == set) if (nft_trans_set(trans) == set)
nft_trans_set_bound(trans) = true; nft_trans_set_bound(trans) = bind;
break; break;
case NFT_MSG_NEWSETELEM: case NFT_MSG_NEWSETELEM:
if (nft_trans_elem_set(trans) == set) if (nft_trans_elem_set(trans) == set)
nft_trans_elem_set_bound(trans) = true; nft_trans_elem_set_bound(trans) = bind;
break; break;
} }
} }
} }
static void nft_set_trans_bind(const struct nft_ctx *ctx, struct nft_set *set)
{
return __nft_set_trans_bind(ctx, set, true);
}
static void nft_set_trans_unbind(const struct nft_ctx *ctx, struct nft_set *set)
{
return __nft_set_trans_bind(ctx, set, false);
}
static int nf_tables_register_hook(struct net *net, static int nf_tables_register_hook(struct net *net,
const struct nft_table *table, const struct nft_table *table,
struct nft_chain *chain) struct nft_chain *chain)
...@@ -2755,7 +2766,8 @@ static int nf_tables_newrule(struct net *net, struct sock *nlsk, ...@@ -2755,7 +2766,8 @@ static int nf_tables_newrule(struct net *net, struct sock *nlsk,
return 0; return 0;
err2: err2:
nf_tables_rule_release(&ctx, rule); nft_rule_expr_deactivate(&ctx, rule, NFT_TRANS_PREPARE_ERROR);
nf_tables_rule_destroy(&ctx, rule);
err1: err1:
for (i = 0; i < n; i++) { for (i = 0; i < n; i++) {
if (info[i].ops) { if (info[i].ops) {
...@@ -3774,6 +3786,15 @@ void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set, ...@@ -3774,6 +3786,15 @@ void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set,
enum nft_trans_phase phase) enum nft_trans_phase phase)
{ {
switch (phase) { switch (phase) {
case NFT_TRANS_PREPARE_ERROR:
nft_set_trans_unbind(ctx, set);
if (nft_set_is_anonymous(set))
nft_deactivate_next(ctx->net, set);
else
list_del_rcu(&binding->list);
set->use--;
break;
case NFT_TRANS_PREPARE: case NFT_TRANS_PREPARE:
if (nft_set_is_anonymous(set)) if (nft_set_is_anonymous(set))
nft_deactivate_next(ctx->net, set); nft_deactivate_next(ctx->net, set);
......
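Review bot: The two new wrappers in the @@ -127,16 +128,26 @@ hunk return the value of a void call (`return __nft_set_trans_bind(ctx, set, true);` and `return __nft_set_trans_bind(ctx, set, false);`), which ISO C does not allow in a function declared void and which gcc flags under -Wpedantic; since nft_set_trans_bind and nft_set_trans_unbind are both void, call the helper as a plain statement instead: `__nft_set_trans_bind(ctx, set, true);` / `__nft_set_trans_bind(ctx, set, false);`. The new `bool bind` parameter on __nft_set_trans_bind deserves a one-line comment on the definition stating that it sets or clears the bound flag on every pending NEWSET/NEWSETELEM transaction that refers to `set`, since "bind == false" now also serves the error-unwind path through NFT_TRANS_PREPARE_ERROR. The NFT_TRANS_PREPARE_ERROR case added to nf_tables_deactivate_set is only partly visible here (the remaining context of that hunk is collapsed on the page), so its interaction with the following NFT_TRANS_PREPARE case cannot be fully reviewed from this view.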