From: Pablo Neira Date: Wed, 10 Aug 2005 03:02:55 +0000 (-0700) Subject: [NETFILTER]: conntrack_netlink: Fix locking during conntrack_create X-Git-Tag: v2.6.14-rc1~1035^2~186 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=88aa0429048d08c18f2772782588f953bbbd79be;p=linux-2.6 [NETFILTER]: conntrack_netlink: Fix locking during conntrack_create The current codepath allowed for ip_conntrack_lock to be unlock'ed twice. Signed-off-by: Pablo Neira Signed-off-by: Harald Welte Signed-off-by: David S. Miller --- diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c index 36a046f221..0ab2d7df6b 100644 --- a/net/ipv4/netfilter/ip_conntrack_netlink.c +++ b/net/ipv4/netfilter/ip_conntrack_netlink.c @@ -1052,13 +1052,14 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb, err = -ENOENT; if (nlh->nlmsg_flags & NLM_F_CREATE) err = ctnetlink_create_conntrack(cda, &otuple, &rtuple); + return err; + } + /* implicit 'else' */ + + /* we only allow nat config for new conntracks */ + if (cda[CTA_NAT-1]) { + err = -EINVAL; goto out_unlock; - } else { - /* we only allow nat config for new conntracks */ - if (cda[CTA_NAT-1]) { - err = -EINVAL; - goto out_unlock; - } } /* We manipulate the conntrack inside the global conntrack table lock,
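Review bot: the added `return err;` in the create branch now leaves the function without going through `out_unlock`, so it is correct only if ip_conntrack_lock has already been released earlier in that branch, and the lines that release it are not part of this hunk. A short comment directly above the `return err;` saying that the lock is already dropped at that point would make the invariant visible, since the `-EINVAL` path for `cda[CTA_NAT-1]` just below still exits via `goto out_unlock` and the function now mixes two exit styles with different lock states. The `/* implicit 'else' */` comment carries the control flow that the removed `} else {` used to express; it would be clearer if it stated the condition the following code runs under rather than referring to an else that no longer exists. The commit message says the lock could be unlocked twice but does not name the path; naming the `goto out_unlock` after `ctnetlink_create_conntrack()` would help anyone auditing this later.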