author: Patrick McHardy <kaber@trash.net> 2010-02-08 11:16:26 -0800
committer: David S. Miller <davem@davemloft.net> 2010-02-08 11:16:26 -0800
commit: 9edd7ca0a3e3999c260642c92fa008892d82ca6e (patch)
tree: 87585b10617d47a9eba9f6b9daf5e47f2f0b70e7 /include
parent: 1b3f720bf033fde1fbb6231f9b156b918c5f68d8 (diff)
netfilter: nf_conntrack: fix memory corruption with multiple namespaces

As discovered by Jon Masters <jonathan@jonmasters.org>, the "untracked" conntrack, which is located in the data section, might be accidentally freed when a new namespace is instantiated while the untracked conntrack is attached to a skb because the reference count is re-initialized.

The best fix would be to use a separate untracked conntrack per namespace since it includes a namespace pointer. Unfortunately this is not possible without larger changes since the namespace is not easily available everywhere we need it. For now move the untracked conntrack initialization to the init_net setup function to make sure the reference count is not re-initialized and handle cleanup in the init_net cleanup function to make sure namespaces can exit properly while the untracked conntrack is in use in other namespaces.

Cc: stable@kernel.org
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
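
The failure mode described in the commit message, as an added userspace model that is not code from this commit or from the kernel: a statically allocated, reference-counted object shared by all namespaces reaches its release path when a second namespace setup resets the count. All names (`struct conn`, `ns_init_buggy`, `ns_init_fixed`, `scenario`) and the initial count of 1 are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only; every name here is hypothetical, not kernel API. */
struct conn {
    int  use;      /* reference count */
    bool released; /* set when the count hits zero (kernel would free here) */
};

/* One shared object in the data section, used by every namespace. */
static struct conn untracked;

static void conn_get(struct conn *c) { c->use++; }

static void conn_put(struct conn *c)
{
    if (--c->use == 0)
        c->released = true; /* freeing a static object corrupts memory */
}

/* Before the fix: every namespace setup re-initializes the shared count. */
static void ns_init_buggy(bool is_init_net)
{
    (void)is_init_net;
    untracked.use = 1;
}

/* After the fix: only the initial namespace initializes the count. */
static void ns_init_fixed(bool is_init_net)
{
    if (is_init_net)
        untracked.use = 1;
}

/* Returns true if the static object reached the release path. */
static bool scenario(void (*ns_init)(bool))
{
    untracked.use = 0;
    untracked.released = false;
    ns_init(true);         /* boot: initial namespace, use = 1 */
    conn_get(&untracked);  /* a packet attaches the untracked entry, use = 2 */
    ns_init(false);        /* a new namespace is instantiated meanwhile */
    conn_put(&untracked);  /* the packet is released */
    return untracked.released;
}

int main(void)
{
    printf("buggy init released static object: %d\n", scenario(ns_init_buggy));
    printf("fixed init released static object: %d\n", scenario(ns_init_fixed));
    return 0;
}
```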
Diffstat (limited to 'include')
0 files changed, 0 insertions, 0 deletions