!7095 CVE-2024-27020 (19bb53ac) · Commits · EulixOS / Software / Kernel

net/netfilter/nf_tables_api.c

+15 −8

Original line number	Diff line number	Diff line
		@@ -2034,14 +2034,17 @@ EXPORT_SYMBOL_GPL(nft_unregister_expr);
		static const struct nft_expr_type *__nft_expr_type_get(u8 family,
		struct nlattr *nla)
		{
		const struct nft_expr_type *type;
		const struct nft_expr_type type, candidate = NULL;

		list_for_each_entry(type, &nf_tables_expressions, list) {
		if (!nla_strcmp(nla, type->name) &&
		(!type->family \|\| type->family == family))
		return type;
		list_for_each_entry_rcu(type, &nf_tables_expressions, list) {
		if (!nla_strcmp(nla, type->name)) {
		if (!type->family && !candidate)
		candidate = type;
		else if (type->family == family)
		candidate = type;
		}
		return NULL;
		}
		return candidate;
		}

		static const struct nft_expr_type nft_expr_type_get(struct net net,
		@@ -2053,9 +2056,13 @@ static const struct nft_expr_type nft_expr_type_get(struct net net,
		if (nla == NULL)
		return ERR_PTR(-EINVAL);

		rcu_read_lock();
		type = __nft_expr_type_get(family, nla);
		if (type != NULL && try_module_get(type->owner))
		if (type != NULL && try_module_get(type->owner)) {
		rcu_read_unlock();
		return type;
		}
		rcu_read_unlock();

		lockdep_nfnl_nft_mutex_not_held();
		#ifdef CONFIG_MODULES