tree b8f6cebd9e682882394b92e7e737436b3648e1d7
parent 94cd2b67641e7ddc2e6ed71d76e00116957423db
author Pablo Neira <[EMAIL PROTECTED]> Wed, 10 Aug 2005 10:02:55 -0700
committer David S. Miller <[EMAIL PROTECTED]> Tue, 30 Aug 2005 05:39:05 -0700
[NETFILTER]: conntrack_netlink: Fix locking during conntrack_create
The current codepath allowed for ip_conntrack_lock to be unlock'ed twice.
Signed-off-by: Pablo Neira <[EMAIL PROTECTED]>
Signed-off-by: Harald Welte <[EMAIL PROTECTED]>
Signed-off-by: David S. Miller <[EMAIL PROTECTED]>
net/ipv4/netfilter/ip_conntrack_netlink.c | 13 +++++++------
1 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c
b/net/ipv4/netfilter/ip_conntrack_netlink.c
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -1052,13 +1052,14 @@ ctnetlink_new_conntrack(struct sock *ctn
err = -ENOENT;
if (nlh->nlmsg_flags & NLM_F_CREATE)
err = ctnetlink_create_conntrack(cda, &otuple, &rtuple);
+ return err;
+ }
+ /* implicit 'else' */
+
+ /* we only allow nat config for new conntracks */
+ if (cda[CTA_NAT-1]) {
+ err = -EINVAL;
goto out_unlock;
- } else {
- /* we only allow nat config for new conntracks */
- if (cda[CTA_NAT-1]) {
- err = -EINVAL;
- goto out_unlock;
- }
}
/* We manipulate the conntrack inside the global conntrack table lock,
-
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
