Re: [ovs-dev] [patch v2 branch 2.8] conntrack: Fix use after free for FTP control case.

[Ben Pfaff]

On Wed, Jul 11, 2018 at 09:05:11AM -0700, Darrell Ball wrote:
> When conn_update_state() returns true, conn has been freed, so skip calling
> handle_ftp_ctl() with this conn and instead follow code path for new
> connections.
> 
> Fixes: bd5e81a0e596 ("Userspace Datapath: Add ALG infra and FTP.")
> Signed-off-by: Darrell Ball 

Applied to branch-2.8, thanks!
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [patch v2 branch 2.8] conntrack: Fix use after free for FTP control case.

[Darrell Ball]

When conn_update_state() returns true, conn has been freed, so skip calling
handle_ftp_ctl() with this conn and instead follow code path for new
connections.

Fixes: bd5e81a0e596 ("Userspace Datapath: Add ALG infra and FTP.")
Signed-off-by: Darrell Ball 
---
 lib/conntrack.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/conntrack.c b/lib/conntrack.c
index 6691877..08bec61 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -1135,8 +1135,11 @@ process_one(struct conntrack *ct, struct dp_packet *pkt,
 } else {
 create_new_conn = conn_update_state(ct, pkt, ctx, , now,
 bucket);
-handle_ftp_ctl(ct, ctx, pkt, conn, now, CT_FTP_CTL_OTHER,
-   !!nat_action_info);
+
+if (!create_new_conn) {
+handle_ftp_ctl(ct, ctx, pkt, conn, now, CT_FTP_CTL_OTHER,
+   !!nat_action_info);
+}
 }
 } else {
 create_new_conn = conn_update_state(ct, pkt, ctx, , now,
-- 
1.9.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev