AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity

openvswitch: use after free in __ovs_ct_free_action()

Browse Source 
We free "ct_info->ct" and then use it on the next line when we pass it
to nf_ct_destroy_timeout().  This patch swaps the order to avoid the use
after free.

Fixes: 06bd2bdf19 ("openvswitch: Add timeout support to ct action")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Yi-Hung Wei <yihung.wei@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Dan Carpenter 2019-04-02 09:53:14 +03:00 committed by David S. Miller
parent f0dfecc93a
commit 6d670497e0
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
net/openvswitch/conntrack.c
View File

@ -1804,9 +1804,9 @@ static void __ovs_ct_free_action(struct ovs_conntrack_info *ct_info)
if (ct_info->helper) if (ct_info->helper)
nf_conntrack_helper_put(ct_info->helper); nf_conntrack_helper_put(ct_info->helper);
if (ct_info->ct) { if (ct_info->ct) {
nf_ct_tmpl_free(ct_info->ct);
if (ct_info->timeout[0]) if (ct_info->timeout[0])
nf_ct_destroy_timeout(ct_info->ct); nf_ct_destroy_timeout(ct_info->ct);
nf_ct_tmpl_free(ct_info->ct);
} }
} }