netfilter: fix oops if clusterip_seq_start() and dl_seq_start() memory allocation fails

Solution Verified - Updated -

Issue

  • There are similar problems in two places.
  1. CLUSTERIP case:
    • If clusterip_seq_start() memory allocation fails, the function of clusterip_seq_stop() will free a NULL pointer, and this can crash the kernel.
  2. hashlimit case:
    • If dl_seq_start() memory allocation fails, the function of dl_seq_stop() will free a NULL pointer, and this can crash the kernel.
  • Step to Reproduce:
  1. CLUSTERIP case:

    1. # iptables -A INPUT -d 192.168.0.21 -i eth0 -j CLUSTERIP --new  --hashmode sourceip --clustermac 01:aa:7b:47:f7:d7 --total-nodes 2  --local-node 1
    2. # cat /proc/net/ipt_CLUSTERIP/192.168.0.21
    • While reading the proc file, if kmalloc() fails, kernel will crash.  But this rarely happens, because of kmalloc() only requires 16 byte memory.
  2. hashlimit case:

    1. # iptables -A INPUT -m hashlimit --hashlimit 10 --hashlimit-mode dstport  --hashlimit-name test
    2. # cat /proc/net/ipt_hashlimit/test
    • While reading the proc file, if kmalloc() fails, kernel will crash. But this rarely happens, because of kmalloc only requires 4 byte memory.
  • Actual Results:
    • kernel will crash at step 2 if memory allocation fails.
  • Expected Results:
    • kernel returns a error, will not crash.

Environment

  • Red Hat Enterprise Linux RHEL6.0

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.