netfilter: x_tables: unregister the templates first - kernel/linux.git

diff options

author	Florian Westphal <fw@strlen.de>	2026-05-06 13:07:16 +0300
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2026-05-08 02:30:16 +0300
commit	d338693d778579b676a61346849bebd892427158 (patch)
tree	82e4b0a8e0721e6530a0e47078408c162dd066ca /include
parent	527d6931473b75d90e38942aae6537d1a527f1fd (diff)
download	linux-d338693d778579b676a61346849bebd892427158.tar.xz

netfilter: x_tables: unregister the templates first

When the module is going away we need to zap the template first. Else there is a small race window where userspace could instantiate a new table after the pernet exit function has removed the current table. Fixes: fdacd57c79b7 ("netfilter: x_tables: never register tables by default") Reported-by: Tristan Madani <tristan@talencesecurity.com> Reviewed-by: Tristan Madani <tristan@talencesecurity.com> Closes: https://lore.kernel.org/netfilter-devel/20260429175613.1459342-1-tristmd@gmail.com/ Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'include')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: