From patchwork Mon Sep 26 16:24:30 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Aaron Conole <aconole@bytheb.org>
X-Patchwork-Id: 675255
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 3sjTp35k4hz9s4x
	for <patchwork-incoming@ozlabs.org>;
	Tue, 27 Sep 2016 02:24:59 +1000 (AEST)
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=bytheb-org.20150623.gappssmtp.com
	header.i=@bytheb-org.20150623.gappssmtp.com header.b=UksSs/Cj;
	dkim-atps=neutral
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1423106AbcIZQYs (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Mon, 26 Sep 2016 12:24:48 -0400
Received: from mail-yw0-f196.google.com ([209.85.161.196]:33684 "EHLO
	mail-yw0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1422874AbcIZQYn (ORCPT
	<rfc822;netdev@vger.kernel.org>); Mon, 26 Sep 2016 12:24:43 -0400
Received: by mail-yw0-f196.google.com with SMTP id g192so9196515ywh.0
	for <netdev@vger.kernel.org>; Mon, 26 Sep 2016 09:24:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=bytheb-org.20150623.gappssmtp.com; s=20150623;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=3IpfCpXJM3XDfXn69bPxDLToOYBythfvT/+wPDvMleE=;
	b=UksSs/CjB/vweoyA5Kv3s0MqaOsNCd8gV+EJLTyh3B3m/BhCcWWHOSfSVoa6C7LWkg
	86b8WiYiv+FHSD/MYykBsI64QWV0k8n92BIDlI5IeuWyrc+HsTet0xSSox6eYGeTqZTA
	zrpxDU2BIfYd/I46395PW1OLUJO5uIW2f3a6n+zjBajhJA0zgC0P617QiRpUnx5coKCt
	w6C85R4yxt4NPs4uRXiYIBRc4Q7szRGgVFhJqE/Gvr62UcAk4xrMbr9nCdi7fQ//SKRD
	/uMGZkPrC/qOqy0sjcs6LV8HDuT4RJAnULPi6daa4nODvkH6qmB3VgQhpsxJ3aLtgQ8j
	BfAw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=3IpfCpXJM3XDfXn69bPxDLToOYBythfvT/+wPDvMleE=;
	b=kNAoy96f0f6COTTwk3zJ3/CF9pZGi7ync36idwrHyLwV6Djs35Zn2h0HbC3iXiRD6Z
	lj5SkOTgRwa0he1eyRr3OXH9skrR+EteLA6+BOFpXaV0FQRLfmTY39SsFHBRJJPujoOk
	vqiMXOf/DYxoJMimtcTNfUzKFZv6r+oZuewBV/s/8YhROz8zKjBi52af0JN/AJASheZ5
	UMXM7KNgLhSfCFSnQmdd3mDQbQ3vF/cJeBt12KBPB6MTIlA5j6dQkVmA+F34vL7pT9tl
	efiausUwnPSWUW7JYDom7ajhGrImDLzdJoEqxnYBKtjlZk7qkhM3W7FsmGTzFt0Pt1Y3
	jqEA==
X-Gm-Message-State: 
 AE9vXwPHPSf/uaBIe0sSVajC94ad0KUFcBepffyqqccMZTtFqVSGB+YPR6bhqHZft5aYaw==
X-Received: by 10.129.135.1 with SMTP id x1mr18953760ywf.195.1474907082485;
	Mon, 26 Sep 2016 09:24:42 -0700 (PDT)
Received: from dhcp-25-97.bos.redhat.com (nat-pool-bos-t.redhat.com.
	[66.187.233.206]) by smtp.gmail.com with ESMTPSA id
	187sm9084072ywb.21.2016.09.26.09.24.41
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Mon, 26 Sep 2016 09:24:41 -0700 (PDT)
From: Aaron Conole <aconole@bytheb.org>
To: netfilter-devel@vger.kernel.org, netdev@vger.kernel.org
Cc: Florian Westphal <fw@strlen.de>, Pablo Neira Ayuso <pablo@netfilter.org>
Subject: [PATCH nf-next 1/2] netfilter: Fix potential null pointer
	dereference
Date: Mon, 26 Sep 2016 12:24:30 -0400
Message-Id: <1474907071-13591-2-git-send-email-aconole@bytheb.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1474907071-13591-1-git-send-email-aconole@bytheb.org>
References: <1474907071-13591-1-git-send-email-aconole@bytheb.org>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

It's possible for nf_hook_entry_head to return NULL if two
nf_unregister_net_hook calls happen simultaneously with a single hook
entry in the list.  This fix ensures that no null pointer dereference
could occur when such a race happens.

Signed-off-by: Aaron Conole <aconole@bytheb.org>
---
 net/netfilter/core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index 360c63d..e58e420 100644
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -160,7 +160,7 @@ void nf_unregister_net_hook(struct net *net, const struct nf_hook_ops *reg)
 
 	mutex_lock(&nf_hook_mutex);
 	hooks_entry = nf_hook_entry_head(net, reg);
-	if (hooks_entry->orig_ops == reg) {
+	if (hooks_entry && hooks_entry->orig_ops == reg) {
 		nf_set_hooks_head(net, reg,
 				  nf_entry_dereference(hooks_entry->next));
 		goto unlock;