diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-05-28 13:45:16 +0200 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2021-06-10 13:37:05 +0200 |
commit | 66f3ab065b70e0b6f487473d8729cbefb75bc258 (patch) | |
tree | c4a3d58fc983371cc017adfaa09d52ad83f0205c /net | |
parent | netfilter: nft_ct: skip expectations for confirmed conntrack (diff) | |
download | wireguard-linux-66f3ab065b70e0b6f487473d8729cbefb75bc258.tar.xz wireguard-linux-66f3ab065b70e0b6f487473d8729cbefb75bc258.zip |
netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches
[ Upstream commit 8971ee8b087750a23f3cd4dc55bff2d0303fd267 ]
The private helper data size cannot be updated. However, updates that
contain NFCTH_PRIV_DATA_LEN might bogusly hit EBUSY even if the size is
the same.
Fixes: 12f7a505331e ("netfilter: add user-space connection tracking helper infrastructure")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/nfnetlink_cthelper.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/net/netfilter/nfnetlink_cthelper.c b/net/netfilter/nfnetlink_cthelper.c index 81406b93f126..3d5fc07b2530 100644 --- a/net/netfilter/nfnetlink_cthelper.c +++ b/net/netfilter/nfnetlink_cthelper.c @@ -380,10 +380,14 @@ static int nfnl_cthelper_update(const struct nlattr * const tb[], struct nf_conntrack_helper *helper) { + u32 size; int ret; - if (tb[NFCTH_PRIV_DATA_LEN]) - return -EBUSY; + if (tb[NFCTH_PRIV_DATA_LEN]) { + size = ntohl(nla_get_be32(tb[NFCTH_PRIV_DATA_LEN])); + if (size != helper->data_len) + return -EBUSY; + } if (tb[NFCTH_POLICY]) { ret = nfnl_cthelper_update_policy(helper, tb[NFCTH_POLICY]); |