From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Bump expectation refcount to make sure it does not vanish while reporting the event via ctnetlink. One user reported a crash while on nf_ct_expect_related_report triggered by the SIP helper. Reported-by: Rafal Fitt <rafalf@xxxxxxxxxxxxx> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> --- net/netfilter/nf_conntrack_expect.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c index ec8bb0d..d5fccd3 100644 --- a/net/netfilter/nf_conntrack_expect.c +++ b/net/netfilter/nf_conntrack_expect.c @@ -444,8 +444,12 @@ int nf_ct_expect_related_report(struct nf_conntrack_expect *expect, ret = nf_ct_expect_insert(expect); if (ret < 0) goto out; + + atomic_inc(&expect->use); spin_unlock_bh(&nf_conntrack_lock); nf_ct_expect_event_report(IPEXP_NEW, expect, pid, report); + nf_ct_expect_put(expect); + return ret; out: spin_unlock_bh(&nf_conntrack_lock); -- 1.7.10.4 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
