On Thu, Sep 08, 2016 at 05:53:58PM +0800, fgao@xxxxxxxxxx wrote:
> From: Gao Feng <fgao@xxxxxxxxxx>
>
> There are some codes of netfilter module which did not check the return
> value of register_netdevice_notifier. Add the checks now.
>
> Signed-off-by: Gao Feng <fgao@xxxxxxxxxx>
> ---
> v2: Add all return value checks in netfilter module
> v1: Initial patch
>
> net/netfilter/nf_tables_netdev.c | 24 ++++++++++++++++++------
> net/netfilter/nfnetlink_queue.c | 9 ++++++++-
> net/netfilter/xt_TEE.c | 8 +++++++-
> 3 files changed, 33 insertions(+), 8 deletions(-)
>
> diff --git a/net/netfilter/nf_tables_netdev.c b/net/netfilter/nf_tables_netdev.c
> index 5eefe4a..2c2a17e 100644
> --- a/net/netfilter/nf_tables_netdev.c
> +++ b/net/netfilter/nf_tables_netdev.c
> @@ -222,14 +222,26 @@ static int __init nf_tables_netdev_init(void)
> {
> int ret;
>
> - nft_register_chain_type(&nft_filter_chain_netdev);
> + ret = nft_register_chain_type(&nft_filter_chain_netdev);
> + if (ret)
> + goto err1;
> +
Ah good, nft_register_chain_type() is already not checked.
So I'd appreciate if you fix all callsites in the Netfilter tree.
I propose you two patches, one to fix nft_register_chain_type() and
another to fix register_netdevice_notifier() all over the netfilter
tree.
Thanks!
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
