netfilter: fix oops if clusterip_seq_start() and dl_seq_start() memory allocation fails

Solution Verified - Updated -

Issue

  • The same problem exists in two places.
  1. CLUSTERIP case:
    • If the memory allocation in clusterip_seq_start() fails, clusterip_seq_stop() will free a NULL pointer, and this can crash the kernel.
  2. hashlimit case:
    • If the memory allocation in dl_seq_start() fails, dl_seq_stop() will free a NULL pointer, and this can crash the kernel.
  • Steps to Reproduce:
  1. CLUSTERIP case:

    1. # iptables -A INPUT -d 192.168.0.21 -i eth0 -j CLUSTERIP --new  --hashmode sourceip --clustermac 01:aa:7b:47:f7:d7 --total-nodes 2  --local-node 1
    2. # cat /proc/net/ipt_CLUSTERIP/192.168.0.21
    • While reading the proc file, if kmalloc() fails, the kernel will crash. This rarely happens, however, because kmalloc() requires only 16 bytes of memory.
  2. hashlimit case:

    1. # iptables -A INPUT -m hashlimit --hashlimit 10 --hashlimit-mode dstport  --hashlimit-name test
    2. # cat /proc/net/ipt_hashlimit/test
    • While reading the proc file, if kmalloc() fails, the kernel will crash. This rarely happens, however, because kmalloc() requires only 4 bytes of memory.
  • Actual Results:
    • The kernel will crash at step 2 if the memory allocation fails.
  • Expected Results:
    • The kernel returns an error and does not crash.
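
A user-space C model of the failure path described above, added here as an illustration and not taken from this article or from the kernel source. It assumes the failed start handler reports the allocation failure as an error-encoded pointer (ERR_PTR-style helpers are re-created locally), and all model_* names are hypothetical. Because the stop handler runs after every start, it checks the value before freeing it, so the reader gets -ENOMEM instead of a crash.

```c
/* User-space model of a seq_file-style start/stop pair (added example).
 * ERR_PTR/IS_ERR are re-created locally; all model_* names are hypothetical. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)(intptr_t)err; }
static long PTR_ERR(const void *p) { return (long)(intptr_t)p; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

static int frees; /* counts real frees so callers can observe them */

/* start(): allocate the iterator position (assumed: failure is reported
 * as an error-encoded pointer rather than a usable allocation). */
static void *model_seq_start(int simulate_alloc_failure)
{
    unsigned int *pos = simulate_alloc_failure ? NULL : malloc(sizeof(*pos));
    if (!pos)
        return ERR_PTR(-ENOMEM);
    *pos = 0;
    return pos;
}

/* stop(): runs after every start(), including a failed one, so it frees
 * only values that are real allocations. */
static void model_seq_stop(void *v)
{
    if (v == NULL || IS_ERR(v))
        return;
    free(v);
    frees++;
}

/* Read path around the pair: returns 0 on success or a negative errno. */
static long model_read(int simulate_alloc_failure)
{
    void *v = model_seq_start(simulate_alloc_failure);
    long ret = IS_ERR(v) ? PTR_ERR(v) : 0;
    model_seq_stop(v);
    return ret;
}

int main(void)
{
    long ok = model_read(0), failed = model_read(1);
    printf("ok=%ld failed=%ld frees=%d\n", ok, failed, frees);
    return 0;
}
```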

Environment

  • Red Hat Enterprise Linux (RHEL) 6.0
