mirror of https://github.com/torvalds/linux.git
4440a2ab3b
When memory is exhausted, nfct_seqadj_ext_add may fail to add the synproxy and seqadj extensions. The function nf_ct_seqadj_init doesn't check if get valid seqadj pointer by the nfct_seqadj. Now drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer in nf_ct_seqadj_init from init_conntrack(). Signed-off-by: Gao Feng <fgao@ikuai8.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
||
|---|---|---|
| .. | ||
| ipv4 | ||
| ipv6 | ||
| br_netfilter.h | ||
| nf_conntrack.h | ||
| nf_conntrack_acct.h | ||
| nf_conntrack_core.h | ||
| nf_conntrack_ecache.h | ||
| nf_conntrack_expect.h | ||
| nf_conntrack_extend.h | ||
| nf_conntrack_helper.h | ||
| nf_conntrack_l3proto.h | ||
| nf_conntrack_l4proto.h | ||
| nf_conntrack_labels.h | ||
| nf_conntrack_seqadj.h | ||
| nf_conntrack_synproxy.h | ||
| nf_conntrack_timeout.h | ||
| nf_conntrack_timestamp.h | ||
| nf_conntrack_tuple.h | ||
| nf_conntrack_zones.h | ||
| nf_dup_netdev.h | ||
| nf_log.h | ||
| nf_nat.h | ||
| nf_nat_core.h | ||
| nf_nat_helper.h | ||
| nf_nat_l3proto.h | ||
| nf_nat_l4proto.h | ||
| nf_nat_redirect.h | ||
| nf_queue.h | ||
| nf_tables.h | ||
| nf_tables_bridge.h | ||
| nf_tables_core.h | ||
| nf_tables_ipv4.h | ||
| nf_tables_ipv6.h | ||
| nfnetlink_log.h | ||
| nft_dup.h | ||
| nft_masq.h | ||
| nft_meta.h | ||
| nft_redir.h | ||
| nft_reject.h | ||
| xt_rateest.h | ||