diff options
author | Dan Carpenter <dan.carpenter@oracle.com> | 2013-11-04 16:58:56 +0400 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-11-05 01:58:30 +0400 |
commit | c359c4157cf0d852387aff2f2d83fef039aadc2c (patch) | |
tree | adb151e14ebc9af2de4e25743275567a2c70e2c7 /net | |
parent | ca0e8bd68bae3d0bad758b5a82dbf9327b75325c (diff) | |
download | linux-c359c4157cf0d852387aff2f2d83fef039aadc2c.tar.xz |
netfilter: nft_compat: use _safe version of list_for_each
We need to use the _safe version of list_for_each_entry() here otherwise
we have a use after free bug.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/nft_compat.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c index 4811f762e060..a82667c64729 100644 --- a/net/netfilter/nft_compat.c +++ b/net/netfilter/nft_compat.c @@ -634,9 +634,9 @@ nft_match_select_ops(const struct nft_ctx *ctx, static void nft_match_release(void) { - struct nft_xt *nft_match; + struct nft_xt *nft_match, *tmp; - list_for_each_entry(nft_match, &nft_match_list, head) + list_for_each_entry_safe(nft_match, tmp, &nft_match_list, head) kfree(nft_match); } @@ -705,9 +705,9 @@ nft_target_select_ops(const struct nft_ctx *ctx, static void nft_target_release(void) { - struct nft_xt *nft_target; + struct nft_xt *nft_target, *tmp; - list_for_each_entry(nft_target, &nft_target_list, head) + list_for_each_entry_safe(nft_target, tmp, &nft_target_list, head) kfree(nft_target); } |