netfilter: fix oops if clusterip_seq_start() and dl_seq_start() memory allocation fails
Issue
- There are similar problems in two places.
- CLUSTERIP case:
- If clusterip_seq_start() memory allocation fails, the function of clusterip_seq_stop() will free a NULL pointer, and this can crash the kernel.
- hashlimit case:
- If dl_seq_start() memory allocation fails, the function of dl_seq_stop() will free a NULL pointer, and this can crash the kernel.
- Step to Reproduce:
-
CLUSTERIP case:
- # iptables -A INPUT -d 192.168.0.21 -i eth0 -j CLUSTERIP --new --hashmode sourceip --clustermac 01:aa:7b:47:f7:d7 --total-nodes 2 --local-node 1
- # cat /proc/net/ipt_CLUSTERIP/192.168.0.21
- While reading the proc file, if kmalloc() fails, kernel will crash. But this rarely happens, because of kmalloc() only requires 16 byte memory.
-
hashlimit case:
- # iptables -A INPUT -m hashlimit --hashlimit 10 --hashlimit-mode dstport --hashlimit-name test
- # cat /proc/net/ipt_hashlimit/test
- While reading the proc file, if kmalloc() fails, kernel will crash. But this rarely happens, because of kmalloc only requires 4 byte memory.
- Actual Results:
- kernel will crash at step 2 if memory allocation fails.
- Expected Results:
- kernel returns a error, will not crash.
Environment
- Red Hat Enterprise Linux RHEL6.0
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.