On Tue, Jan 11, 2022 at 08:22:34AM +0300, Dan Carpenter wrote:
> The NULL check is reversed so nft_connlimit_clone() can never succeed.
>
> Fixes: 37f319f37d90 ("netfilter: nft_connlimit: move stateful fields out of expression data")
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> ---
> Haha haha. A couple months back I accidentally reversed a NULL check
> and invested several days in writing multiple Smatch checks to make sure
> that never happened again. Everyone made fun of me for wasting my time
> but who's laughing now? ha ha. <- me
>
> net/netfilter/nft_connlimit.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/netfilter/nft_connlimit.c b/net/netfilter/nft_connlimit.c
> index 58dcafe8bf79..7d00a1452b1d 100644
> --- a/net/netfilter/nft_connlimit.c
> +++ b/net/netfilter/nft_connlimit.c
> @@ -206,7 +206,7 @@ static int nft_connlimit_clone(struct nft_expr *dst, const struct nft_expr *src)
> struct nft_connlimit *priv_src = nft_expr_priv(src);
>
> priv_dst->list = kmalloc(sizeof(*priv_dst->list), GFP_ATOMIC);
> - if (priv_dst->list)
> + if (!priv_dst->list)
> return -ENOMEM;
>
> nf_conncount_list_init(priv_dst->list);

Ugh... Hold off on this. I'll send v2. nft_last_clone() has a similar
issue.

regards,
dan carpenter
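Review bot: the inverted test on `priv_dst->list` in this hunk made nft_connlimit_clone() fail with -ENOMEM exactly when kmalloc() succeeded, and on a real allocation failure (which GFP_ATOMIC can hit under memory pressure) the NULL pointer was passed straight into nf_conncount_list_init(); `if (!priv_dst->list)` is the correct condition. Since the reply notes that nft_last_clone() carries the same reversed check, the v2 should fix both clone paths in one series so the `Fixes:` tag and the pattern are handled together; a Smatch rule for `if (ptr) return -ENOMEM;` right after an allocation, as the commit message alludes to, would catch this class of mistake at review time.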