diff options
| author |   Jozsef Kadlecsik <kadlec@netfilter.org> | 2026-05-14 10:55:10 +0200 |
|---|---|---|
| committer |   Pablo Neira Ayuso <pablo@netfilter.org> | 2026-05-16 12:19:56 +0200 |
| commit | 53d7fd878c28b28e03769071d1f28ef031a060ad (patch) | |
| tree | 3addf8508b4e1a4157f38bb2fdec7ecb2a64292c /include/linux/bcma/ssh:/git@git.zx2c4.com | |
| parent | ipvs: avoid possible loop in ip_vs_dst_event on resizing (diff) | |
netfilter: ipset: fix a potential dump-destroy race
When dumping sets in order to create the proper order for restore,
the list type of sets dumped last. Therefore internally we run the
dumping loop twice: first with all non-list type of sets and skipping
the list type ones and then secondly for the list type of sets.
Sashiko noticed that there's a potential race between dump and destroy
if in the first loop the last set was a list type of set: its pointer
remains unreferenced and a concurrent destroy can free it.
Fix the issue by resetting the variable holding the pointer.
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/linux/bcma/ssh:/git@git.zx2c4.com')
0 files changed, 0 insertions, 0 deletions