
Commit 2b4a32d

author
Paolo Abeni
committed
Merge tag 'nf-24-07-31' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf
Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains Netfilter fixes for net: Fix a possible null-ptr-deref sometimes triggered by iptables-restore at boot time. Register iptables {ipv4,ipv6} nat table pernet in first place to fix this issue. Patch #1 and #2 from Kuniyuki Iwashima. netfilter pull request 24-07-31 * tag 'nf-24-07-31' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf: netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init(). netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init(). ==================== Link: https://patch.msgid.link/[email protected] Signed-off-by: Paolo Abeni <[email protected]>
2 parents a46c68d + c22921d commit 2b4a32d


2 files changed

+19
-13
lines changed


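--- a/net/ipv4/netfilter/iptable_nat.c
+++ b/net/ipv4/netfilter/iptable_nat.c
@@ -145,25 +145,27 @@ static struct pernet_operations iptable_nat_net_ops = {
 
 static int __init iptable_nat_init(void)
 {
-	int ret = xt_register_template(&nf_nat_ipv4_table,
-				       iptable_nat_table_init);
+	int ret;
 
+	/* net->gen->ptr[iptable_nat_net_id] must be allocated
+	 * before calling iptable_nat_table_init().
+	 */
+	ret = register_pernet_subsys(&iptable_nat_net_ops);
 	if (ret < 0)
 		return ret;
 
-	ret = register_pernet_subsys(&iptable_nat_net_ops);
-	if (ret < 0) {
-		xt_unregister_template(&nf_nat_ipv4_table);
-		return ret;
-	}
+	ret = xt_register_template(&nf_nat_ipv4_table,
+				   iptable_nat_table_init);
+	if (ret < 0)
+		unregister_pernet_subsys(&iptable_nat_net_ops);
 
 	return ret;
 }
 
 static void __exit iptable_nat_exit(void)
 {
-	unregister_pernet_subsys(&iptable_nat_net_ops);
 	xt_unregister_template(&nf_nat_ipv4_table);
+	unregister_pernet_subsys(&iptable_nat_net_ops);
 }
 
 module_init(iptable_nat_init);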
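Review bot: The new comment above register_pernet_subsys() in iptable_nat_init() states the ordering constraint but not why the previous order could violate it; since the pull description attributes the crash to iptables-restore at boot, the constraint presumably holds because xt_register_template() makes the table reachable from userspace before this function returns. I would extend the comment to say so, e.g. `/* Register the pernet data before the template: once xt_register_template() returns, userspace can request the table and iptable_nat_table_init() dereferences net->gen->ptr[iptable_nat_net_id]. */`. The reordered iptable_nat_exit() now tears down in reverse order, which is consistent with the new init sequence. The same comment wording applies to the matching hunk in net/ipv6/netfilter/ip6table_nat.c.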

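--- a/net/ipv6/netfilter/ip6table_nat.c
+++ b/net/ipv6/netfilter/ip6table_nat.c
@@ -147,23 +147,27 @@ static struct pernet_operations ip6table_nat_net_ops = {
 
 static int __init ip6table_nat_init(void)
 {
-	int ret = xt_register_template(&nf_nat_ipv6_table,
-				       ip6table_nat_table_init);
+	int ret;
 
+	/* net->gen->ptr[ip6table_nat_net_id] must be allocated
+	 * before calling ip6t_nat_register_lookups().
+	 */
+	ret = register_pernet_subsys(&ip6table_nat_net_ops);
 	if (ret < 0)
 		return ret;
 
-	ret = register_pernet_subsys(&ip6table_nat_net_ops);
+	ret = xt_register_template(&nf_nat_ipv6_table,
+				   ip6table_nat_table_init);
 	if (ret)
-		xt_unregister_template(&nf_nat_ipv6_table);
+		unregister_pernet_subsys(&ip6table_nat_net_ops);
 
 	return ret;
 }
 
 static void __exit ip6table_nat_exit(void)
 {
-	unregister_pernet_subsys(&ip6table_nat_net_ops);
 	xt_unregister_template(&nf_nat_ipv6_table);
+	unregister_pernet_subsys(&ip6table_nat_net_ops);
 }
 
 module_init(ip6table_nat_init);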
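Review bot: The error check after the moved xt_register_template() call in ip6table_nat_init() keeps the pre-existing `if (ret)`, while the ipv4 sibling in net/ipv4/netfilter/iptable_nat.c uses `if (ret < 0)` at the same point; both files are touched by this fix, so aligning them, e.g. `if (ret < 0)`, would make the two init paths read identically. The difference is only stylistic provided xt_register_template() returns 0 or a negative errno, which the hunk itself does not show.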
