On Tue, Sep 13, 2016 at 08:49:18AM +0800, fgao@xxxxxxxxxx wrote: > From: Gao Feng <fgao@xxxxxxxxxx> > > When memory is exhausted, nfct_seqadj_ext_add may fail to add the > synproxy and seqadj extensions. The function nf_ct_seqadj_init doesn't > check if get valid seqadj pointer by the nfct_seqadj. > > Now drop the packet directly when fail to add seqadj extension to > avoid dereference NULL pointer in nf_ct_seqadj_init from > init_conntrack(). Applied to nf, thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
