Hi,

The 2 first patches fix the same issue, but in 2 different places.

Patch 1:
So here is how the issue can be reproduced:
Create a netlink message, targeting the ipset subsystem, and send a command on id 0 (IPSET_CMD_NONE):
This will lead to a crash on line 188 of nfnetlink.c since nc->call is NULL (so you get a NULL dereference).

Or

Patch 2:
Same issue. It fixes ipset to handle the IPSET_CMD_NONE, returning -EOPNOTSUPP.

Patch 3:
While doing patch 1 I figured out rcu_read_unlock() is not called in case of an nla_parse() error, so it fixes it.

Br,

Tomasz Bursztyka (3):
  nfnetlink: Check callbacks before using those in nfnetlink_rcv_msg
  ipset: Handle properly an IPSET_CMD_NONE
  nfnetlink: Unlock a previously locked rcu_read in nfnetlink_rcv_msg

 net/netfilter/ipset/ip_set_core.c |   12 ++++++++++++
 net/netfilter/nfnetlink.c         |    8 ++++++--
 2 files changed, 18 insertions(+), 2 deletions(-)

--
1.7.8.6
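Added example, not part of the original message and not the kernel patches themselves: a user-space C model of the three fixes the cover letter describes (callback NULL check in the dispatcher, a subsystem handler for command 0, and releasing the read lock on the parse-error path). Every name in it is hypothetical, and `-EINVAL` for the missing-callback case is an assumption; only `-EOPNOTSUPP` for `IPSET_CMD_NONE` comes from the message.

```c
#include <errno.h>
#include <stddef.h>

/* User-space model; every name here is hypothetical, not kernel code. */
enum { CMD_NONE = 0, CMD_CREATE = 1, CMD_MAX = 2, MAX_ATTR_LEN = 16 };
struct cb { int (*call)(const unsigned char *attrs, size_t len); };

static int lock_depth; /* stands in for rcu_read_lock()/rcu_read_unlock() */
static void model_lock(void)   { lock_depth++; }
static void model_unlock(void) { lock_depth--; }

static int do_create(const unsigned char *a, size_t n) { (void)a; (void)n; return 0; }
static int do_none(const unsigned char *a, size_t n) { (void)a; (void)n; return -EOPNOTSUPP; }

/* Slot 0 left zero-initialised: .call is NULL, as in the report. */
const struct cb table_unpatched[CMD_MAX] = { [CMD_CREATE] = { do_create } };
/* Patch 2 idea: the subsystem answers command 0 itself. */
const struct cb table_patched[CMD_MAX] = { [CMD_NONE] = { do_none }, [CMD_CREATE] = { do_create } };
const unsigned char sample_attrs[4] = { 0 }; /* constructed sample payload */

/* Constructed stand-in for attribute parsing: fails on oversize input. */
static int parse_attrs(const unsigned char *a, size_t n)
{
    return (a && n <= MAX_ATTR_LEN) ? 0 : -EINVAL;
}

int dispatch(const struct cb *table, unsigned cmd, const unsigned char *attrs, size_t len)
{
    const struct cb *nc;
    int err;

    if (cmd >= (unsigned)CMD_MAX)
        return -EINVAL;
    model_lock();
    nc = &table[cmd];
    if (nc->call == NULL) { /* patch 1 idea; -EINVAL is an assumption */
        err = -EINVAL;
        goto out;
    }
    err = parse_attrs(attrs, len);
    if (err < 0) /* patch 3 idea: the error path must also unlock */
        goto out;
    err = nc->call(attrs, len);
out:
    model_unlock(); /* single exit keeps lock/unlock balanced */
    return err;
}

int lock_balance(void) { return lock_depth; }
int main(void) { return dispatch(table_unpatched, CMD_NONE, sample_attrs, 4) == -EINVAL ? 0 : 1; }
```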