Commit 7663f188 authored by Yasuyuki Kozakai's avatar Yasuyuki Kozakai Committed by David S. Miller

[NETFILTER]: return ENOMEM when ip_conntrack_alloc() fails.

This patch fixes the bug which doesn't return ERR_PTR(-ENOMEM) if it
failed to allocate memory space from slab cache.  This bug leads to
erroneously not dropped packets under stress, and wrong statistic
counters ('invalid' is incremented instead of 'drop').  It was
introduced during the ctnetlink merge in the net-2.6.14 tree, so no
stable or mainline releases affected.
Signed-off-by: default avatarYasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: default avatarHarald Welte <laforge@netfilter.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 8a61fadb
...@@ -655,7 +655,7 @@ struct ip_conntrack *ip_conntrack_alloc(struct ip_conntrack_tuple *orig, ...@@ -655,7 +655,7 @@ struct ip_conntrack *ip_conntrack_alloc(struct ip_conntrack_tuple *orig,
conntrack = kmem_cache_alloc(ip_conntrack_cachep, GFP_ATOMIC); conntrack = kmem_cache_alloc(ip_conntrack_cachep, GFP_ATOMIC);
if (!conntrack) { if (!conntrack) {
DEBUGP("Can't allocate conntrack.\n"); DEBUGP("Can't allocate conntrack.\n");
return NULL; return ERR_PTR(-ENOMEM);
} }
memset(conntrack, 0, sizeof(*conntrack)); memset(conntrack, 0, sizeof(*conntrack));
...@@ -696,8 +696,9 @@ init_conntrack(struct ip_conntrack_tuple *tuple, ...@@ -696,8 +696,9 @@ init_conntrack(struct ip_conntrack_tuple *tuple,
return NULL; return NULL;
} }
if (!(conntrack = ip_conntrack_alloc(tuple, &repl_tuple))) conntrack = ip_conntrack_alloc(tuple, &repl_tuple);
return NULL; if (conntrack == NULL || IS_ERR(conntrack))
return (struct ip_conntrack_tuple_hash *)conntrack;
if (!protocol->new(conntrack, skb)) { if (!protocol->new(conntrack, skb)) {
ip_conntrack_free(conntrack); ip_conntrack_free(conntrack);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment