From: Thomas Graf <tgraf@suug.ch>
Date: Fri, 4 Apr 2014 15:57:45 +0000 (+0200)
Subject: netfilter: Can't fail and free after table replacement
X-Git-Tag: v3.15-rc1~47^2~10^2
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c58dd2dd443c26d856a168db108a0cd11c285bf3;p=pandora-kernel.git

netfilter: Can't fail and free after table replacement

All xtables variants suffer from the defect that the copy_to_user()
to copy the counters to user memory may fail after the table has
already been exchanged and thus exposed. Return an error at this
point will result in freeing the already exposed table. Any
subsequent packet processing will result in a kernel panic.

We can't copy the counters before exposing the new tables as we
want provide the counter state after the old table has been
unhooked. Therefore convert this into a silent error.

Cc: Florian Westphal <fw@strlen.de>
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

Reading git-diff-tree failed