netfilter: ctnetlink: fix refcnt leak in dying/unconfirmed list dumper
author Florian Westphal <fw@strlen.de>
Sun, 8 Jun 2014 09:41:23 +0000 (11:41 +0200)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Mon, 16 Jun 2014 10:51:36 +0000 (12:51 +0200)
commit cd5f336f1780cb20e83146cde64d3d5779e175e6
tree 1256bde8377eda4f1ca29a232eaaa0e8a3d13e22
parent 266155b2de8fb721ae353688529b2f8bcdde2f90
netfilter: ctnetlink: fix refcnt leak in dying/unconfirmed list dumper

'last' keeps track of the ct that had its refcnt bumped during previous
dump cycle.  Thus it must not be overwritten until end-of-function.

Another (unrelated, theoretical) issue: Don't attempt to bump refcnt of a conntrack
whose reference count is already 0.  Such conntrack is being destroyed
right now, its memory is freed once we release the percpu dying spinlock.

Fixes: b7779d06 ('netfilter: conntrack: spinlock per cpu to protect special lists.')
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_conntrack_netlink.c
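
Added example, not part of the commit or the kernel source: a single-threaded userspace C model of the two rules in the commit message above. The entry pinned by the previous dump cycle is read once into `last` and released only at the end of the function, and a new pin is taken only on an entry whose count is nonzero. All names (`obj`, `cursor`, `get_unless_zero`, `dump_cycle`, `full_dump`) and the table are constructed for illustration, and the counter is a plain `int` because nothing here runs concurrently.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed userspace model; every name here is hypothetical. */
struct obj { int refcnt; };
struct cursor { struct obj *resume; };   /* entry pinned by the previous cycle */

/* Take a reference only if the object is still alive (count not yet 0). */
static bool get_unless_zero(struct obj *o) { return o->refcnt > 0 && ++o->refcnt; }

/* One dump cycle: emit up to `room` entries, resuming at cur->resume. */
static int dump_cycle(struct obj *tbl, size_t len, struct cursor *cur, int room)
{
    struct obj *last = cur->resume;      /* read once, unchanged until the end */
    int n = 0;
    for (size_t i = 0; i < len; i++) {
        struct obj *o = &tbl[i];
        if (cur->resume) {               /* skip ahead to the resume point */
            if (o != last)
                continue;
            cur->resume = NULL;
        }
        if (n == room) {                 /* no space left: pin o for next cycle */
            if (!get_unless_zero(o))
                continue;                /* dying entry: try the next one */
            cur->resume = o;
            break;
        }
        n++;                             /* "emit" the entry (model: count it) */
    }
    if (last)
        last->refcnt--;                  /* drop the previous pin exactly once */
    return n;
}

/* Dump a constructed 5-entry table (third entry is dying); return leaked refs. */
int full_dump(int *total)
{
    struct obj tbl[] = { {1}, {1}, {0}, {1}, {1} };
    struct cursor cur = { NULL };
    int sum = (*total = 0);
    do *total += dump_cycle(tbl, 5, &cur, 2); while (cur.resume);
    for (int i = 0; i < 5; i++)
        sum += tbl[i].refcnt;
    return sum - 4;                      /* 4 = sum of the initial counts */
}

int main(void) { int t; return full_dump(&t); }
```

In this run the first cycle fills up at the dying entry, skips it without touching its count, and pins the next live entry instead; the second cycle resumes there and releases that pin on exit, so every count ends where it started.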