| commit | d583e5291f0e456a872ec058bf36223dcad01e0a | |
| author | Patrick McHardy <kaber@trash.net> | |
| Mon, 22 Jun 2009 12:14:16 +0000 (22 14:14 +0200) | ||
| committer | Greg Kroah-Hartman <gregkh@suse.de> | |
| Thu, 30 Jul 2009 21:40:21 +0000 (30 14:40 -0700) | ||
| tree | e7d1e4e1d116cb1ec991745278293f208849216f | treesnapshot (tar.gz zip) |
| parent | 3aa08795cb77ac09f25b61a48f1637b3dabe09c9 | commitdiff |
netfilter: nf_conntrack: fix confirmation race condition
commit 5c8ec910e789a92229978d8fd1fce7b62e8ac711 upstream.
New connection tracking entries are inserted into the hash before they
are fully set up, namely the CONFIRMED bit is not set and the timer not
started yet. This can theoretically lead to a race with timer, which
would set the timeout value to a relative value, most likely already in
the past.
Perform hash insertion as the final step to fix this.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
commit 5c8ec910e789a92229978d8fd1fce7b62e8ac711 upstream.
New connection tracking entries are inserted into the hash before they
are fully set up, namely the CONFIRMED bit is not set and the timer not
started yet. This can theoretically lead to a race with timer, which
would set the timeout value to a relative value, most likely already in
the past.
Perform hash insertion as the final step to fix this.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| net/netfilter/nf_conntrack_core.c | diffblobblamehistory |