diff options
author | Florian Westphal <fw@strlen.de> | 2014-06-08 09:41:23 (GMT) |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-06-16 10:51:36 (GMT) |
commit | cd5f336f1780cb20e83146cde64d3d5779e175e6 (patch) | |
tree | 1256bde8377eda4f1ca29a232eaaa0e8a3d13e22 /README | |
parent | 266155b2de8fb721ae353688529b2f8bcdde2f90 (diff) | |
download | linux-cd5f336f1780cb20e83146cde64d3d5779e175e6.tar.xz |
netfilter: ctnetlink: fix refcnt leak in dying/unconfirmed list dumper
'last' keeps track of the ct that had its refcnt bumped during previous
dump cycle. Thus it must not be overwritten until end-of-function.
Another (unrelated, theoretical) issue: Don't attempt to bump refcnt of a conntrack
whose reference count is already 0. Such conntrack is being destroyed
right now, its memory is freed once we release the percpu dying spinlock.
Fixes: b7779d06 ('netfilter: conntrack: spinlock per cpu to protect special lists.')
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'README')
0 files changed, 0 insertions, 0 deletions