Commit 2b4a32da authored by Paolo Abeni
Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for net:

Fix a possible null-ptr-deref sometimes triggered by iptables-restore at
boot time. Register the iptables {ipv4,ipv6} nat table pernet ops first,
before the xt template, to fix this issue. Patches #1 and #2 from Kuniyuki Iwashima.

netfilter pull request 24-07-31

* tag 'nf-24-07-31' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
  netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().
  netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().
====================

Link: https://patch.msgid.link/20240731213046.6194-1-pablo@netfilter.org


Signed-off-by: Paolo Abeni <pabeni@redhat.com>
parents a46c68de c22921df
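--- a/net/ipv4/netfilter/iptable_nat.c
+++ b/net/ipv4/netfilter/iptable_nat.c
@@ -145,25 +145,27 @@ static struct pernet_operations iptable_nat_net_ops = {
 
 static int __init iptable_nat_init(void)
 {
-	int ret = xt_register_template(&nf_nat_ipv4_table,
-				       iptable_nat_table_init);
+	int ret;
 
+	/* net->gen->ptr[iptable_nat_net_id] must be allocated
+	 * before calling iptable_nat_table_init().
+	 */
+	ret = register_pernet_subsys(&iptable_nat_net_ops);
 	if (ret < 0)
 		return ret;
 
-	ret = register_pernet_subsys(&iptable_nat_net_ops);
-	if (ret < 0) {
-		xt_unregister_template(&nf_nat_ipv4_table);
-		return ret;
-	}
+	ret = xt_register_template(&nf_nat_ipv4_table,
+				   iptable_nat_table_init);
+	if (ret < 0)
+		unregister_pernet_subsys(&iptable_nat_net_ops);
 
 	return ret;
 }
 
 static void __exit iptable_nat_exit(void)
 {
-	unregister_pernet_subsys(&iptable_nat_net_ops);
 	xt_unregister_template(&nf_nat_ipv4_table);
+	unregister_pernet_subsys(&iptable_nat_net_ops);
 }
 
 module_init(iptable_nat_init);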
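Review bot: The swapped teardown order in iptable_nat_exit() is the mirror of the new init order but nothing in the function says so, and a later "cleanup" could easily flip it back and reintroduce the window in which the pernet slot is gone while the template (and its init callback) is still registered. Suggest a one-line comment above the first call in the exit path: `/* Reverse of iptable_nat_init(): drop the template before the pernet ops. */`. The init-side comment could also state the consequence rather than only the requirement, e.g. `* before calling iptable_nat_table_init(), which dereferences that slot.`; the dereference itself is not visible in this hunk, so confirm against iptable_nat_table_init() before wording it that strongly.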
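--- a/net/ipv6/netfilter/ip6table_nat.c
+++ b/net/ipv6/netfilter/ip6table_nat.c
@@ -147,23 +147,27 @@ static struct pernet_operations ip6table_nat_net_ops = {
 
 static int __init ip6table_nat_init(void)
 {
-	int ret = xt_register_template(&nf_nat_ipv6_table,
-				       ip6table_nat_table_init);
+	int ret;
 
+	/* net->gen->ptr[ip6table_nat_net_id] must be allocated
+	 * before calling ip6t_nat_register_lookups().
+	 */
+	ret = register_pernet_subsys(&ip6table_nat_net_ops);
 	if (ret < 0)
 		return ret;
 
-	ret = register_pernet_subsys(&ip6table_nat_net_ops);
+	ret = xt_register_template(&nf_nat_ipv6_table,
+				   ip6table_nat_table_init);
 	if (ret)
-		xt_unregister_template(&nf_nat_ipv6_table);
+		unregister_pernet_subsys(&ip6table_nat_net_ops);
 
 	return ret;
 }
 
 static void __exit ip6table_nat_exit(void)
 {
-	unregister_pernet_subsys(&ip6table_nat_net_ops);
 	xt_unregister_template(&nf_nat_ipv6_table);
+	unregister_pernet_subsys(&ip6table_nat_net_ops);
 }
 
 module_init(ip6table_nat_init);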
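Review bot: The new comment in ip6table_nat_init() names `ip6t_nat_register_lookups()`, a function that does not appear in this hunk, while the callback actually handed to xt_register_template two lines below is `ip6table_nat_table_init`; the IPv4 counterpart in the same series names its template callback directly. Unless the lookup-registration helper is the real first user of the pernet slot (not visible here), wording it as `* before calling ip6table_nat_table_init().` keeps the two files in step and ties the comment to the line it guards. On style, the post-registration check `if (ret)` differs from the `if (ret < 0)` used two lines earlier and throughout the IPv4 file; `if (ret < 0)` would make the two init paths identical apart from the table names.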