From: Gao Feng <f...@ikuai8.com>

When memory is exhausted, nf_ct_nat_ext_add may return NULL. Then
nf_nat_ipv4_fn and nf_nat_ipv6_fn would return NF_ACCEPT in this
case.
So we need to add a NULL check when invoking nfct_nat in these two
functions.

Signed-off-by: Gao Feng <f...@ikuai8.com>
---
 net/ipv4/netfilter/nf_nat_masquerade_ipv4.c | 2 ++
 net/ipv6/netfilter/nf_nat_masquerade_ipv6.c | 6 +++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/net/ipv4/netfilter/nf_nat_masquerade_ipv4.c 
b/net/ipv4/netfilter/nf_nat_masquerade_ipv4.c
index ea91058..353ca0c 100644
--- a/net/ipv4/netfilter/nf_nat_masquerade_ipv4.c
+++ b/net/ipv4/netfilter/nf_nat_masquerade_ipv4.c
@@ -38,6 +38,8 @@
 
        ct = nf_ct_get(skb, &ctinfo);
        nat = nfct_nat(ct);
+       if (!nat)
+               return NF_ACCEPT;
 
        NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ||
                            ctinfo == IP_CT_RELATED_REPLY));
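Review bot: The new early return `if (!nat) return NF_ACCEPT;` fails open: a flow that was meant to be masqueraded is accepted with no translation set up, so if this path is reached under memory pressure the packet may leave with its original source address. The same applies to the identical check in the nf_nat_masquerade_ipv6.c hunk, which a few lines later returns NF_DROP when source-address selection fails. The description justifies NF_ACCEPT by matching nf_nat_ipv4_fn and nf_nat_ipv6_fn; if that is the intent, say so in place, e.g. `/* no NAT extension (allocation failed): accept untranslated, as nf_nat_ipv4_fn does */`, otherwise `return NF_DROP;` is the fail-closed choice. The enclosing function starts and ends outside the hunk.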
diff --git a/net/ipv6/netfilter/nf_nat_masquerade_ipv6.c 
b/net/ipv6/netfilter/nf_nat_masquerade_ipv6.c
index 051b6a6..875e776 100644
--- a/net/ipv6/netfilter/nf_nat_masquerade_ipv6.c
+++ b/net/ipv6/netfilter/nf_nat_masquerade_ipv6.c
@@ -32,17 +32,21 @@
        enum ip_conntrack_info ctinfo;
        struct in6_addr src;
        struct nf_conn *ct;
+       struct nf_conn_nat *nat;
        struct nf_nat_range newrange;
 
        ct = nf_ct_get(skb, &ctinfo);
        NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ||
                            ctinfo == IP_CT_RELATED_REPLY));
+       nat = nfct_nat(ct);
+       if (!nat)
+               return NF_ACCEPT;
 
        if (ipv6_dev_get_saddr(nf_ct_net(ct), out,
                               &ipv6_hdr(skb)->daddr, 0, &src) < 0)
                return NF_DROP;
 
-       nfct_nat(ct)->masq_index = out->ifindex;
+       nat->masq_index = out->ifindex;
 
        newrange.flags          = range->flags | NF_NAT_RANGE_MAP_IPS;
        newrange.min_addr.in6   = src;
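Review bot: The NULL check is ordered differently in the two files: here it follows `NF_CT_ASSERT(ct && ...)`, while in the nf_nat_masquerade_ipv4.c hunk `nat = nfct_nat(ct);` and the new return both come before the assertion. On the ipv4 side that means ct is handed to nfct_nat() before anything asserts it is non-NULL, and the assertion is skipped whenever nat is NULL. Moving the ipv4 lookup and check below the assertion, as done here, would keep the two paths identical and easier to audit together. The function body starts and ends outside this hunk.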
-- 
1.9.1

