linux/net/netfilter
Patrick McHardy 5397e97d75 [NETFILTER]: nf_conntrack: fix use-after-free in helper destroy callback invocation
When the helper module is removed for a master connection that has a
fulfilled expectation, but has already timed out and got removed from
the hash tables, nf_conntrack_helper_unregister can't find the master
connection to unset the helper, causing a use-after-free when the
expected connection is destroyed and releases the last reference to
the master.

The helper destroy callback was introduced for the PPtP helper to clean
up expectations and expected connections when the master connection
times out, but doing this from destroy_conntrack only works for
unfulfilled expectations since expected connections hold a reference
to the master, preventing its destruction. Move the destroy callback to
the timeout function, which fixes both problems.

Reported/tested by Gabor Burjan <buga@buvoshetes.hu>.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-05-19 14:23:52 -07:00
core.c [NETFILTER]: nf_conntrack: kill destroy() in struct nf_conntrack for diet 2007-04-25 22:27:45 -07:00
Kconfig Fix trivial typos in Kconfig* files 2007-05-09 07:12:20 +02:00
Makefile [NETFILTER]: add IPv6-capable TCPMSS target 2007-02-08 12:39:16 -08:00
nf_conntrack_amanda.c [NETFILTER]: nf_conntrack: fix header inclusions for helpers 2006-12-02 22:12:54 -08:00
nf_conntrack_core.c [NETFILTER]: nf_conntrack: fix use-after-free in helper destroy callback invocation 2007-05-19 14:23:52 -07:00
nf_conntrack_ecache.c [NETFILTER]: nf_conntrack: uninline notifier registration functions 2007-04-25 22:25:46 -07:00
nf_conntrack_expect.c Fix occurrences of "the the " 2007-05-09 08:57:56 +02:00
nf_conntrack_ftp.c [NETFILTER]: Remove changelogs and CVS IDs 2007-04-25 22:27:35 -07:00
nf_conntrack_h323_asn1.c [NETFILTER]: nf_conntrack/nf_nat: add H.323 helper port 2006-12-02 22:08:46 -08:00
nf_conntrack_h323_main.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
nf_conntrack_h323_types.c [NETFILTER]: nf_conntrack/nf_nat: add H.323 helper port 2006-12-02 22:08:46 -08:00
nf_conntrack_helper.c [NETFILTER]: nf_conntrack: EXPORT_SYMBOL cleanup 2006-12-02 22:11:25 -08:00
nf_conntrack_irc.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
nf_conntrack_l3proto_generic.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
nf_conntrack_netbios_ns.c [SK_BUFF]: Introduce ip_hdr(), remove skb->nh.iph 2007-04-25 22:25:10 -07:00
nf_conntrack_netlink.c [NETFILTER]: ctnetlink: clear helper area and handle unchanged helper 2007-05-10 23:47:47 -07:00
nf_conntrack_pptp.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
nf_conntrack_proto_generic.c [NETFILTER]: Remove changelogs and CVS IDs 2007-04-25 22:27:35 -07:00
nf_conntrack_proto_gre.c [NETFILTER]: nf_conntrack/nf_nat: fix incorrect config ifdefs 2007-03-05 13:25:19 -08:00
nf_conntrack_proto_sctp.c [NETFILTER]: Remove changelogs and CVS IDs 2007-04-25 22:27:35 -07:00
nf_conntrack_proto_tcp.c [NETFILTER]: Remove changelogs and CVS IDs 2007-04-25 22:27:35 -07:00
nf_conntrack_proto_udp.c [NETFILTER]: Remove changelogs and CVS IDs 2007-04-25 22:27:35 -07:00
nf_conntrack_proto.c [NETLINK]: Possible cleanups. 2007-04-26 00:57:41 -07:00
nf_conntrack_sane.c [NETFILTER]: Add SANE connection tracking helper 2007-02-08 12:39:09 -08:00
nf_conntrack_sip.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
nf_conntrack_standalone.c [NETFILTER]: Remove changelogs and CVS IDs 2007-04-25 22:27:35 -07:00
nf_conntrack_tftp.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
nf_internals.h [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
nf_log.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
nf_queue.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
nf_sockopt.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
nf_sysctl.c [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
nfnetlink_log.c [NETFILTER]: nfnetlink_log: remove fallback to group 0 2007-04-25 22:29:01 -07:00
nfnetlink_queue.c [SK_BUFF]: Introduce skb_copy_to_linear_data{_offset} 2007-04-25 22:28:29 -07:00
nfnetlink.c [NETLINK]: Switch cb_lock spinlock to mutex and allow to override it 2007-04-25 22:29:03 -07:00
x_tables.c [NETFILTER]: x_tables: remove duplicate of xt_prefix 2007-04-25 22:25:33 -07:00
xt_CLASSIFY.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_comment.c [NETFILTER]: x_tables: make use of mass registation helpers 2006-09-22 14:55:32 -07:00
xt_connbytes.c [NETFILTER]: Remove changelogs and CVS IDs 2007-04-25 22:27:35 -07:00
xt_connmark.c [NETFILTER]: Remove IPv4 only connection tracking/NAT 2007-04-25 22:25:34 -07:00
xt_CONNMARK.c [NETFILTER]: Remove IPv4 only connection tracking/NAT 2007-04-25 22:25:34 -07:00
xt_CONNSECMARK.c [NETFILTER]: Remove IPv4 only connection tracking/NAT 2007-04-25 22:25:34 -07:00
xt_conntrack.c [NETFILTER]: xt_conntrack: add compat support 2007-05-10 23:48:00 -07:00
xt_dccp.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_dscp.c [NETFILTER]: Remove changelogs and CVS IDs 2007-04-25 22:27:35 -07:00
xt_DSCP.c [NETFILTER]: Remove changelogs and CVS IDs 2007-04-25 22:27:35 -07:00
xt_esp.c [NETFILTER]: x_tables: remove unused size argument to check/destroy functions 2006-09-22 14:55:34 -07:00
xt_hashlimit.c [NETFILTER]: Use setup_timer 2007-04-25 22:27:43 -07:00
xt_helper.c [NETFILTER]: Remove changelogs and CVS IDs 2007-04-25 22:27:35 -07:00
xt_length.c [SK_BUFF]: Introduce ipv6_hdr(), remove skb->nh.ipv6h 2007-04-25 22:25:14 -07:00
xt_limit.c [NETFILTER]: Remove changelogs and CVS IDs 2007-04-25 22:27:35 -07:00
xt_mac.c [SK_BUFF]: Introduce skb_mac_header() 2007-04-25 22:24:41 -07:00
xt_mark.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_MARK.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_multiport.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_NFLOG.c [NETFILTER]: x_tables: add NFLOG target 2006-12-02 21:31:31 -08:00
xt_NFQUEUE.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_NOTRACK.c [NETFILTER]: Remove IPv4 only connection tracking/NAT 2007-04-25 22:25:34 -07:00
xt_physdev.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_pkttype.c [SK_BUFF]: Introduce ip_hdr(), remove skb->nh.iph 2007-04-25 22:25:10 -07:00
xt_policy.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_quota.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_realm.c [NETFILTER]: Remove changelogs and CVS IDs 2007-04-25 22:27:35 -07:00
xt_sctp.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_SECMARK.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_state.c [NETFILTER]: Remove IPv4 only connection tracking/NAT 2007-04-25 22:25:34 -07:00
xt_statistic.c [NETFILTER]: x_tables: remove unused size argument to check/destroy functions 2006-09-22 14:55:34 -07:00
xt_string.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_tcpmss.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_TCPMSS.c [SK_BUFF]: Introduce ipv6_hdr(), remove skb->nh.ipv6h 2007-04-25 22:25:14 -07:00
xt_tcpudp.c [NET]: Supporting UDP-Lite (RFC 3828) in Linux 2006-12-02 21:22:46 -08:00