netfilter: conntrack: re-fetch conntrack after insertion - kernel/linux.git

diff options

author	Florian Westphal <fw@strlen.de>	2022-05-20 01:02:04 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2022-06-06 09:33:50 +0300
commit	b16bb373988da3ceb0308381634117e18b6ec60d (patch)
tree	d100aec8e701761e8e05d32edd6413e0ed796168 /crypto
parent	1fe82bfd9e4ce93399d815ca458b58505191c3e8 (diff)
download	linux-b16bb373988da3ceb0308381634117e18b6ec60d.tar.xz

netfilter: conntrack: re-fetch conntrack after insertion

commit 56b14ecec97f39118bf85c9ac2438c5a949509ed upstream. In case the conntrack is clashing, insertion can free skb->_nfct and set skb->_nfct to the already-confirmed entry. This wasn't found before because the conntrack entry and the extension space used to free'd after an rcu grace period, plus the race needs events enabled to trigger. Reported-by: <syzbot+793a590957d9c1b96620@syzkaller.appspotmail.com> Fixes: 71d8c47fc653 ("netfilter: conntrack: introduce clash resolution on insertion race") Fixes: 2ad9d7747c10 ("netfilter: conntrack: free extension area immediately") Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'crypto')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: