From: Gao Feng <fgao@xxxxxxxxxx>
When memory is exhausted, nf_ct_nat_ext_add may return NULL. Then nf_nat_ipv4_fn and nf_nat_ipv6_fn would return NF_ACCEPT in this case. So we need add the NULL check when invoke nfct_nat in these two functions.
Signed-off-by: Gao Feng <fgao@xxxxxxxxxx>
---
 net/ipv4/netfilter/nf_nat_masquerade_ipv4.c | 2 ++
 net/ipv6/netfilter/nf_nat_masquerade_ipv6.c | 6 +++++-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/net/ipv4/netfilter/nf_nat_masquerade_ipv4.c b/net/ipv4/netfilter/nf_nat_masquerade_ipv4.c
index ea91058..353ca0c 100644
--- a/net/ipv4/netfilter/nf_nat_masquerade_ipv4.c
+++ b/net/ipv4/netfilter/nf_nat_masquerade_ipv4.c
@@ -38,6 +38,8 @@
 ct = nf_ct_get(skb, &ctinfo);
 nat = nfct_nat(ct);
+ if (!nat)
+ return NF_ACCEPT;
 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED || ctinfo == IP_CT_RELATED_REPLY));
diff --git a/net/ipv6/netfilter/nf_nat_masquerade_ipv6.c b/net/ipv6/netfilter/nf_nat_masquerade_ipv6.c
index 051b6a6..875e776 100644
--- a/net/ipv6/netfilter/nf_nat_masquerade_ipv6.c
+++ b/net/ipv6/netfilter/nf_nat_masquerade_ipv6.c
@@ -32,17 +32,21 @@
 enum ip_conntrack_info ctinfo;
 struct in6_addr src;
 struct nf_conn *ct;
+ struct nf_conn_nat *nat;
 struct nf_nat_range newrange;
 ct = nf_ct_get(skb, &ctinfo);
 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED || ctinfo == IP_CT_RELATED_REPLY));
+ nat = nfct_nat(ct);
+ if (!nat)
+ return NF_ACCEPT;
 if (ipv6_dev_get_saddr(nf_ct_net(ct), out, &ipv6_hdr(skb)->daddr, 0, &src) < 0) return NF_DROP;
- nfct_nat(ct)->masq_index = out->ifindex;
+ nat->masq_index = out->ifindex;
 newrange.flags = range->flags | NF_NAT_RANGE_MAP_IPS;
 newrange.min_addr.in6 = src;
--
1.9.1
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
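Review bot: The new `if (!nat) return NF_ACCEPT;` makes masquerading fail open: when the NAT extension is missing the packet is accepted without the source rewrite, so under memory pressure traffic may presumably leave the outgoing interface with its original (internal) source address. The IPv6 hunk makes the same choice a few lines above a path that already uses `return NF_DROP;` when `ipv6_dev_get_saddr()` fails. Unless the caller depends on the accept verdict described in the commit message, `if (!nat) return NF_DROP;` looks like the safer default in both files, and in either case a one-line comment such as `/* no NAT extension (allocation failed), cannot masquerade */` above the check would record the decision. Both function bodies start and end outside the hunks, so the callers' handling of the verdict is not visible here.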