]> err.no Git - linux-2.6/commitdiff
[NETFILTER]: conntrack_netlink: Fix locking during conntrack_create
authorPablo Neira <pablo@eurodev.net>
Wed, 10 Aug 2005 03:02:55 +0000 (20:02 -0700)
committerDavid S. Miller <davem@sunset.davemloft.net>
Mon, 29 Aug 2005 22:39:05 +0000 (15:39 -0700)
The current codepath allowed for ip_conntrack_lock to be unlock'ed twice.

Signed-off-by: Pablo Neira <pablo@eurodev.net>
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/netfilter/ip_conntrack_netlink.c

index 36a046f221053fdb48919afe3bc87f2e50fdfaf0..0ab2d7df6bc4ba3dd48a2b6ec2d632524b44f0ab 100644 (file)
@@ -1052,13 +1052,14 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb,
                err = -ENOENT;
                if (nlh->nlmsg_flags & NLM_F_CREATE)
                        err = ctnetlink_create_conntrack(cda, &otuple, &rtuple);
+               return err;
+       }
+       /* implicit 'else' */
+
+       /* we only allow nat config for new conntracks */
+       if (cda[CTA_NAT-1]) {
+               err = -EINVAL;
                goto out_unlock;
-       } else {
-               /* we only allow nat config for new conntracks */
-               if (cda[CTA_NAT-1]) {
-                       err = -EINVAL;
-                       goto out_unlock;
-               }
        }
 
        /* We manipulate the conntrack inside the global conntrack table lock,