Commit 3bc38712 authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller

[NETFILTER]: nf_queue: handle NF_STOP and unknown verdicts in nf_reinject

In case of an unknown verdict or NF_STOP the packet leaks. Unknown verdicts
can happen when userspace is buggy. Reinject the packet in case of NF_STOP,
drop on unknown verdicts.
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 083edca0
...@@ -219,21 +219,20 @@ void nf_reinject(struct sk_buff *skb, struct nf_info *info, ...@@ -219,21 +219,20 @@ void nf_reinject(struct sk_buff *skb, struct nf_info *info,
switch (verdict & NF_VERDICT_MASK) { switch (verdict & NF_VERDICT_MASK) {
case NF_ACCEPT: case NF_ACCEPT:
case NF_STOP:
info->okfn(skb); info->okfn(skb);
case NF_STOLEN:
break; break;
case NF_QUEUE: case NF_QUEUE:
if (!nf_queue(&skb, elem, info->pf, info->hook, if (!nf_queue(&skb, elem, info->pf, info->hook,
info->indev, info->outdev, info->okfn, info->indev, info->outdev, info->okfn,
verdict >> NF_VERDICT_BITS)) verdict >> NF_VERDICT_BITS))
goto next_hook; goto next_hook;
break; break;
default:
kfree_skb(skb);
} }
rcu_read_unlock(); rcu_read_unlock();
if (verdict == NF_DROP)
kfree_skb(skb);
kfree(info); kfree(info);
return; return;
} }
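Review bot: The new `default:` arm handles both the ordinary NF_DROP verdict and any unrecognised value returned by userspace, so a reader cannot tell the intended drop from the defensive one, and a misbehaving queue handler leaves no trace. I would add an explicit `case NF_DROP:` directly above `default:` and annotate the arm with `/* unknown verdict from userspace: free the skb instead of leaking it */`; a rate-limited warning there would also make buggy verdict sources visible to an operator. The fall-through from `info->okfn(skb);` into `case NF_STOLEN:` is deliberate but unmarked, so a `/* fall through */` comment after the okfn call would keep a later edit from inserting code between them by mistake. The body of nf_reinject starts outside this hunk, so whether the verdict is range-checked before it reaches the switch cannot be seen from here.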