diff options
| author | Florian Westphal <fw@strlen.de> | 2018-01-13 14:06:08 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-01-16 01:51:59 +0100 |
| commit | e3eeacbac4ad34fac93f82a7cf15402bba83d22e (patch) | |
| tree | 2869ff48cca83aee6deee69c1bbdc21cf5a8a2cf | |
| parent | 9be9d04b28e75b52f83e3e10ee529a1ec992a2c0 (diff) | |
| download | linux-e3eeacbac4ad34fac93f82a7cf15402bba83d22e.tar.gz linux-e3eeacbac4ad34fac93f82a7cf15402bba83d22e.tar.bz2 linux-e3eeacbac4ad34fac93f82a7cf15402bba83d22e.zip | |
netfilter: x_tables: don't return garbage pointer on modprobe failure
request_module may return a positive error result from modprobe,
if we cast this to ERR_PTR this returns a garbage result (it passes
IS_ERR checks).
Fix it by ignoring modprobe return values entirely, just retry the
table lookup instead.
Reported-by: syzbot+980925dbfbc7f93bc2ef@syzkaller.appspotmail.com
Fixes: 03d13b6868a2 ("netfilter: xtables: add and use xt_request_find_table_lock")
Fixes: 20651cefd25f ("netfilter: x_tables: unbreak module auto loading")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | net/netfilter/x_tables.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index 5b8f3b7358e6..3c2548787d78 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c @@ -1085,7 +1085,7 @@ struct xt_table *xt_request_find_table_lock(struct net *net, u_int8_t af, #ifdef CONFIG_MODULES if (IS_ERR(t)) { int err = request_module("%stable_%s", xt_prefix[af], name); - if (err) + if (err < 0) return ERR_PTR(err); t = xt_find_table_lock(net, af, name); } |