> Dong Chenchen <dongchenchen2@xxxxxxxxxx> wrote:
> > net/netfilter/x_tables.c | 8 +++++---
> > 1 file changed, 5 insertions(+), 3 deletions(-)
> >
> > diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index
> > da5d929c7c85..359c880ecb07 100644
> > --- a/net/netfilter/x_tables.c
> > +++ b/net/netfilter/x_tables.c
> > @@ -1239,6 +1239,7 @@ struct xt_table *xt_find_table_lock(struct net *net,
> u_int8_t af,
> > struct module *owner = NULL;
> > struct xt_template *tmpl;
> > struct xt_table *t;
> > + int err = -ENOENT;
> >
> > mutex_lock(&xt[af].mutex);
> > list_for_each_entry(t, &xt_net->tables[af], list) @@ -1247,8 +1248,6
> > @@ struct xt_table *xt_find_table_lock(struct net *net, u_int8_t af,
> >
> > /* Table doesn't exist in this netns, check larval list */
> > list_for_each_entry(tmpl, &xt_templates[af], list) {
> > - int err;
> > -
> > if (strcmp(tmpl->name, name))
> > continue;
> > if (!try_module_get(tmpl->me))
> > @@ -1267,6 +1266,9 @@ struct xt_table *xt_find_table_lock(struct net *net,
> u_int8_t af,
> > break;
> > }
> >
> > + if (err < 0)
> > + goto out;
> > +
> > /* and once again: */
> > list_for_each_entry(t, &xt_net->tables[af], list)
> > if (strcmp(t->name, name) == 0)
>
> Proabably also:
>
> - if (strcmp(t->name, name) == 0)
> + if (strcmp(t->name, name) == 0 && owner == t->me)
>
Thank you very much for your suggestions!
V2 will be sent.
