From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Fri, 20 Feb 2015 16:11:10 +0000 (+0100)
Subject: netfilter: nf_tables: fix addition/deletion of elements from commit/abort
X-Git-Tag: omap-for-v4.1/wl12xx-dt~34^2~10^2~5
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=02263db00b6cb98701332aa257c07ca549c2324b;p=pandora-kernel.git

netfilter: nf_tables: fix addition/deletion of elements from commit/abort

We have several problems in this path:

1) There is a use-after-free when removing individual elements from
   the commit path.

2) We have to uninit() the data part of the element from the abort
   path to avoid a chain refcount leak.

3) We have to check for set->flags to see if there's a mapping, instead
   of the element flags.

4) We have to check for !(flags & NFT_SET_ELEM_INTERVAL_END) to skip
   elements that are part of the interval that have no data part, so
   they don't need to be uninit().

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

Reading git-diff-tree failed