From: Patrick McHardy <kaber@xxxxxxxxx> Date: Mon, 24 Nov 2008 14:44:36 +0100 (MET) > netfilter: ctnetlink: fix conntrack creation race > > Conntrack creation through ctnetlink has two races: > > - the timer may expire and free the conntrack concurrently, causing an > invalid memory access when attempting to put it in the hash tables > > - an identical conntrack entry may be created in the packet processing > path in the time between the lookup and hash insertion > > Hold the conntrack lock between the lookup and insertion to avoid this. > > Reported-by: Zoltan Borbely <bozo@xxxxxxxxxx> > Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx> > Applied. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
