netfilter: fix double-free and use-after free
authorPekka Enberg <penberg@cs.helsinki.fi>
Sun, 27 Jul 2008 00:49:33 +0000 (17:49 -0700)
committerDavid S. Miller <davem@davemloft.net>
Sun, 27 Jul 2008 00:49:33 +0000 (17:49 -0700)
commit93bc4e89c260d91576840c4881d1066d84ccd422
tree456176a054fc9a3fed18ac6ce50c7a34a86c5808
parent3918fed5f31213067c1c345bd904e1ea369e6819
netfilter: fix double-free and use-after free

As suggested by Patrick McHardy, introduce a __krealloc() that doesn't
free the original buffer to fix a double-free and use-after-free bug
introduced by me in netfilter that uses RCU.

Reported-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi>
Tested-by: Dieter Ries <clip2@gmx.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/linux/slab.h
mm/util.c
net/netfilter/nf_conntrack_extend.c