subject:"\[PATCH v5 nf\] netfilter\: seqadj\: Drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer later"

Re: [PATCH v5 nf] netfilter: seqadj: Drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer later

2016-09-07 Thread Pablo Neira Ayuso

On Tue, Sep 06, 2016 at 04:51:17PM +0200, Florian Westphal wrote: > f...@ikuai8.com wrote: > > From: Gao Feng > > > > When memory is exhausted, nfct_seqadj_ext_add may fail to add the seqadj > > extension. But the function nf_ct_seqadj_init doesn't check if get

Re: [PATCH v5 nf] netfilter: seqadj: Drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer later

2016-09-06 Thread Gao Feng

inline On Tue, Sep 6, 2016 at 10:51 PM, Florian Westphal wrote: > f...@ikuai8.com wrote: >> From: Gao Feng >> >> When memory is exhausted, nfct_seqadj_ext_add may fail to add the seqadj >> extension. But the function nf_ct_seqadj_init doesn't

Re: [PATCH v5 nf] netfilter: seqadj: Drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer later

2016-09-06 Thread Florian Westphal

f...@ikuai8.com wrote: > From: Gao Feng > > When memory is exhausted, nfct_seqadj_ext_add may fail to add the seqadj > extension. But the function nf_ct_seqadj_init doesn't check if get valid > seqadj pointer by the nfct_seqadj. > > Now drop the packet

[PATCH v5 nf] netfilter: seqadj: Drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer later

2016-09-06 Thread fgao

From: Gao Feng When memory is exhausted, nfct_seqadj_ext_add may fail to add the seqadj extension. But the function nf_ct_seqadj_init doesn't check if get valid seqadj pointer by the nfct_seqadj. Now drop the packet directly when fail to add seqadj extension to avoid