[ovs-dev] [patch v1] conntrack: Fix conn_update_state_alg use after free.
Darrell Ball
dlu998 at gmail.com
Tue Jul 10 16:15:09 UTC 2018
Fixes: bd5e81a0e596 ("Userspace Datapath: Add ALG infra and FTP.")
Signed-off-by: Darrell Ball <dlu998 at gmail.com>
---
Needs backporting as far back as 2.8.
lib/conntrack.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/lib/conntrack.c b/lib/conntrack.c
index e1c1f2e..b818584 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -1159,8 +1159,11 @@ conn_update_state_alg(struct conntrack *ct, struct dp_packet *pkt,
} else {
*create_new_conn = conn_update_state(ct, pkt, ctx, &conn, now,
bucket);
- handle_ftp_ctl(ct, ctx, pkt, conn, now, CT_FTP_CTL_OTHER,
- !!nat_action_info);
+
+ if (*create_new_conn == false) {
+ handle_ftp_ctl(ct, ctx, pkt, conn, now, CT_FTP_CTL_OTHER,
+ !!nat_action_info);
+ }
}
return true;
}
--
1.9.1
More information about the dev
mailing list