From: Dan Carpenter <dan.carpenter@xxxxxxxxxx> We need to use the _safe version of list_for_each_entry() here otherwise we have a use after free bug. Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> --- net/netfilter/nft_compat.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c index 4811f76..a82667c 100644 --- a/net/netfilter/nft_compat.c +++ b/net/netfilter/nft_compat.c @@ -634,9 +634,9 @@ nft_match_select_ops(const struct nft_ctx *ctx, static void nft_match_release(void) { - struct nft_xt *nft_match; + struct nft_xt *nft_match, *tmp; - list_for_each_entry(nft_match, &nft_match_list, head) + list_for_each_entry_safe(nft_match, tmp, &nft_match_list, head) kfree(nft_match); } @@ -705,9 +705,9 @@ nft_target_select_ops(const struct nft_ctx *ctx, static void nft_target_release(void) { - struct nft_xt *nft_target; + struct nft_xt *nft_target, *tmp; - list_for_each_entry(nft_target, &nft_target_list, head) + list_for_each_entry_safe(nft_target, tmp, &nft_target_list, head) kfree(nft_target); } -- 1.7.10.4 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html