diff options
author | Liping Zhang <zlpnobody@gmail.com> | 2017-04-02 17:27:53 +0800 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-04-08 23:52:16 +0200 |
commit | 0c7930e5763bdd189bd50035c025a9cbe5e82f23 (patch) | |
tree | e050756cd08b43500bc7e2b8a6f803a9f0b376bb /net/netfilter/nf_nat_redirect.c | |
parent | 3173d5b8c89e67fa3176292ff9af06f09f365348 (diff) | |
download | linux-stable-0c7930e5763bdd189bd50035c025a9cbe5e82f23.tar.gz linux-stable-0c7930e5763bdd189bd50035c025a9cbe5e82f23.tar.bz2 linux-stable-0c7930e5763bdd189bd50035c025a9cbe5e82f23.zip |
netfilter: make it safer during the inet6_dev->addr_list traversal
inet6_dev->addr_list is protected by inet6_dev->lock, so only using
rcu_read_lock is not enough, we should acquire read_lock_bh(&idev->lock)
before the inet6_dev->addr_list traversal.
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nf_nat_redirect.c')
-rw-r--r-- | net/netfilter/nf_nat_redirect.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/net/netfilter/nf_nat_redirect.c b/net/netfilter/nf_nat_redirect.c index d43869879fcf..86067560a318 100644 --- a/net/netfilter/nf_nat_redirect.c +++ b/net/netfilter/nf_nat_redirect.c @@ -101,11 +101,13 @@ nf_nat_redirect_ipv6(struct sk_buff *skb, const struct nf_nat_range *range, rcu_read_lock(); idev = __in6_dev_get(skb->dev); if (idev != NULL) { + read_lock_bh(&idev->lock); list_for_each_entry(ifa, &idev->addr_list, if_list) { newdst = ifa->addr; addr = true; break; } + read_unlock_bh(&idev->lock); } rcu_read_unlock(); |