diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-01-14 16:42:13 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-01-17 10:52:55 +0100 |
commit | be94db9ddac0d6ea76f479b04fb3a43314654c9f (patch) | |
tree | 47bcb86c44bec1819a8581e88745b2812f2487b3 | |
parent | 088067f4f14d6ee5c6a196b015a560cbe7744224 (diff) |
netfilter: ipset: dumping error triggered removing references twice
If there was a dumping error in the middle, the set-specific variable was
not zeroed out and thus the 'done' function of the dumping wrongly tried
to release the already released reference of the set. The already released
reference was caught by __ip_set_put and triggered a kernel BUG message.
Reported by Jean-Philippe Menil.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | net/netfilter/ipset/ip_set_core.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c index 0f8e5f2fa1ba..32dbf0fa89db 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c @@ -1142,6 +1142,7 @@ release_refcount: if (ret || !cb->args[2]) { pr_debug("release set %s\n", ip_set_list[index]->name); ip_set_put_byindex(index); + cb->args[2] = 0; } out: if (nlh) { |