From 6b7b7d5d219dca4465390f4a69096383d17782d3 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Thu, 1 Apr 2021 23:15:02 +0200
Subject: [PATCH] cache: check for NULL chain in cache_init()
Another process might race to add chains after chain_cache_init().
The generation check does not help since it comes after cache_init().
NLM_F_DUMP_INTR only guarantees consistency within one single netlink
dump operation, so it does not help either (cache population requires
several netlink dump commands).
Let's be safe and not assume the chain exists in the cache when
populating the rule cache.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
src/rule.c | 3 +++
1 file changed, 3 insertions(+)
Index: nftables-0.9.8/src/rule.c
===================================================================
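--- a/src/rule.c
+++ b/src/rule.c
@@ -205,6 +205,9 @@ static int cache_init_objects(struct net
 if (!chain)
 chain = chain_binding_lookup(table,
 rule->handle.chain.name);
+ if (!chain) {
+ return -1;
+ }
 list_move_tail(&rule->list, &chain->rules);
 }
 if (ret < 0)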
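Review bot: The early `return -1` in the new `if (!chain)` check exits before `list_move_tail()` runs, so the current rule and any rules not yet moved stay on the list being iterated. The hunk does not show who owns that list, so this path may leak those rule objects unless the caller releases them on error; that is inferred, because the loop header and the caller are outside the hunk. It is worth confirming the error path frees the remaining entries, and recording the reason for the bail-out at the check, for example `/* chain can be missing if another process changed the ruleset between dumps */`. The body of `cache_init_objects()` starts and ends outside the hunk.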