Skip to content

Commit

Permalink
netfilter: x_tables: don't return garbage pointer on modprobe failure
Browse files Browse the repository at this point in the history 
request_module may return a positive error result from modprobe,
if we cast this to ERR_PTR this returns a garbage result (it passes
IS_ERR checks).

Fix it by ignoring modprobe return values entirely, just retry the
table lookup instead.

Reported-by: syzbot+980925dbfbc7f93bc2ef@syzkaller.appspotmail.com
Fixes: 03d13b6 ("netfilter: xtables: add and use xt_request_find_table_lock")
Fixes: 20651ce ("netfilter: x_tables: unbreak module auto loading")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  • Loading branch information
Florian Westphal authored and Pablo Neira Ayuso committed Jan 16, 2018
1 parent 9be9d04 commit e3eeacb
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion net/netfilter/x_tables.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1085,7 +1085,7 @@ struct xt_table *xt_request_find_table_lock(struct net *net, u_int8_t af,
#ifdef CONFIG_MODULES
if (IS_ERR(t)) {
int err = request_module("%stable_%s", xt_prefix[af], name);
if (err)
if (err < 0)
return ERR_PTR(err);
t = xt_find_table_lock(net, af, name);
}
Expand Down

0 comments on commit e3eeacb

Please sign in to comment.