linux/net/bridge/netfilter
Thomas Graf c58dd2dd44 netfilter: Can't fail and free after table replacement
All xtables variants suffer from the defect that the copy_to_user()
to copy the counters to user memory may fail after the table has
already been exchanged and thus exposed. Return an error at this
point will result in freeing the already exposed table. Any
subsequent packet processing will result in a kernel panic.

We can't copy the counters before exposing the new tables as we
want provide the counter state after the old table has been
unhooked. Therefore convert this into a silent error.

Cc: Florian Westphal <fw@strlen.de>
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2014-04-05 17:46:22 +02:00
..
Kconfig netfilter: bridge: fix nf_tables bridge dependencies with main core 2013-10-28 17:41:21 +01:00
Makefile netfilter: add nftables 2013-10-14 17:15:48 +02:00
ebt_802_3.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
ebt_among.c bridge: netfilter: Use ether_addr_copy 2014-02-24 19:16:44 -05:00
ebt_arp.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
ebt_arpreply.c netfilter: xtables: substitute temporary defines by final name 2010-05-11 18:31:17 +02:00
ebt_dnat.c bridge: netfilter: Use ether_addr_copy 2014-02-24 19:16:44 -05:00
ebt_ip.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
ebt_ip6.c netfilter: ebt_ip6: fix source and destination matching 2013-11-19 15:33:29 +01:00
ebt_limit.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
ebt_log.c bridge: add space before '(/{', after ',', etc. 2013-12-19 19:27:26 -05:00
ebt_mark.c netfilter: xtables: substitute temporary defines by final name 2010-05-11 18:31:17 +02:00
ebt_mark_m.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
ebt_nflog.c netfilter: nf_log: prepare net namespace support for loggers 2013-04-05 20:12:54 +02:00
ebt_pkttype.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
ebt_redirect.c bridge: netfilter: Use ether_addr_copy 2014-02-24 19:16:44 -05:00
ebt_snat.c bridge: netfilter: Use ether_addr_copy 2014-02-24 19:16:44 -05:00
ebt_stp.c bridge: netfilter: Convert compare_ether_addr to ether_addr_equal 2012-05-09 20:49:17 -04:00
ebt_ulog.c netfilter: ebt_ulog: fix info leaks 2013-10-02 17:28:20 +02:00
ebt_vlan.c netfilter: Fix FSF address in file headers 2013-12-06 12:37:57 -05:00
ebtable_broute.c bridge: change the position of '{' to the pre line 2013-12-19 19:27:26 -05:00
ebtable_filter.c bridge: change the position of '{' to the pre line 2013-12-19 19:27:26 -05:00
ebtable_nat.c bridge: change the position of '{' to the pre line 2013-12-19 19:27:26 -05:00
ebtables.c netfilter: Can't fail and free after table replacement 2014-04-05 17:46:22 +02:00
nf_tables_bridge.c netfilter: nf_tables: rename nft_do_chain_pktinfo() to nft_do_chain() 2014-01-09 20:17:16 +01:00