diff options
author | Pan Bian <bianpan2016@163.com> | 2018-11-26 18:42:10 +0800 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2018-11-28 18:23:23 +0100 |
commit | 3bd458e42f23b2ff52596432a53fce708c21915b (patch) | |
tree | 8201085406411c76b6ea2af4ad9b15098282455a | |
parent | bad58fb5a6e318e33a5be150bb6d0c0482b0a2d6 (diff) |
netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel
In the error handling block, nla_nest_cancel(skb, atd) is called to
cancel the nest operation. But then, ipset_nest_end(skb, atd) is
unexpected called to end the nest operation. This patch calls the
ipset_nest_end only on the branch that nla_nest_cancel is
not called.
Fixes: 45040978c89("netfilter: ipset: Fix set:list type crash when
flush/dump set in parallel")
Signed-off-by: Pan Bian <bianpan2016@163.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
-rw-r--r-- | kernel/net/netfilter/ipset/ip_set_list_set.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/net/netfilter/ipset/ip_set_list_set.c b/kernel/net/netfilter/ipset/ip_set_list_set.c index 4a744a5..60925f7 100644 --- a/kernel/net/netfilter/ipset/ip_set_list_set.c +++ b/kernel/net/netfilter/ipset/ip_set_list_set.c @@ -533,8 +533,8 @@ nla_put_failure: ret = -EMSGSIZE; } else { cb->args[IPSET_CB_ARG0] = i; + ipset_nest_end(skb, atd); } - ipset_nest_end(skb, atd); out: rcu_read_unlock(); return ret; |