From: Patrick McHardy <kaber@xxxxxxxxx>
Return an error when NLM_F_REPLACE is given without the handle of the rule to replace.
Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
---
 net/netfilter/nf_tables_api.c | 10 +++-------
 1 Datei geändert, 3 Zeilen hinzugefügt(+), 7 Zeilen entfernt(-)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index c91f638..bbd463e 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1368,13 +1368,12 @@ static int nf_tables_newrule(struct sock *nlsk, struct sk_buff *skb,
 if (nlh->nlmsg_flags & NLM_F_EXCL)
 return -EEXIST;
- if (nlh->nlmsg_flags & NLM_F_REPLACE) {
+ if (nlh->nlmsg_flags & NLM_F_REPLACE)
 old_rule = rule;
- rule = NULL;
- } else
+ else
 return -EOPNOTSUPP;
 } else {
- if (!create)
+ if (!create || nlh->nlmsg_flags & NLM_F_REPLACE)
 return -EINVAL;
 handle = nf_tables_alloc_handle(table);
 }
@@ -1415,9 +1414,6 @@ static int nf_tables_newrule(struct sock *nlsk, struct sk_buff *skb,
 }
 if (nlh->nlmsg_flags & NLM_F_REPLACE) {
- if (old_rule == NULL)
- goto err2;
-
 list_replace_rcu(&old_rule->list, &rule->list);
 nf_tables_rule_notify(skb, nlh, table, chain, old_rule,
--
1.7.11.7
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
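Review bot: The new condition `if (!create || nlh->nlmsg_flags & NLM_F_REPLACE)` in the first hunk mixes `||` with a bare `&`. Precedence gives the intended result, but the flag test reads more safely parenthesised: `if (!create || (nlh->nlmsg_flags & NLM_F_REPLACE))`. A short comment there, such as `/* NLM_F_REPLACE needs the handle of the rule to replace */`, would also record why the no-handle branch now returns -EINVAL for this flag. The enclosing `if`/`else` and the rest of nf_tables_newrule start outside the hunk.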
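Review bot: With the `old_rule == NULL` guard removed in the second hunk, `list_replace_rcu(&old_rule->list, &rule->list)` is safe only because of the early `-EINVAL` return added in the first hunk, and nothing at the dereference says so. The flags come from a netlink message, so a later change that lets NLM_F_REPLACE through without setting `old_rule` would become a NULL dereference in the kernel. Testing the pointer keeps the guard next to its use: `if (old_rule != NULL) {` instead of re-testing `nlh->nlmsg_flags & NLM_F_REPLACE`. Failing that, add a comment such as `/* old_rule is set whenever NLM_F_REPLACE got past the handle check above */`. The code between the two hunks is not visible here, so it should be confirmed that no path there clears or bypasses `old_rule`.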