mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2025-01-11 00:04:33 +08:00
netfilter: nf_ct_sip: extend RCU read lock in set_expected_rtp_rtcp()
Currently set_expected_rtp_rtcp() in the SIP helper uses rcu_dereference() two times to access two different NAT hook functions. However, only the first one is protected by the RCU reader lock, but the 2nd isn't. Fix it by extending the RCU protected area. This is more a cosmetic thing since we rely on all netfilter hooks being rcu_read_lock()ed by nf_hook_slow() in many places anyways, as Patrick McHardy clarified. Signed-off-by: Holger Eitzenberger <holger.eitzenberger@sophos.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
8ce4406103
commit
b21613aeb6
@ -966,7 +966,6 @@ static int set_expected_rtp_rtcp(struct sk_buff *skb, unsigned int protoff,
|
||||
#endif
|
||||
skip_expect = 1;
|
||||
} while (!skip_expect);
|
||||
rcu_read_unlock();
|
||||
|
||||
base_port = ntohs(tuple.dst.u.udp.port) & ~1;
|
||||
rtp_port = htons(base_port);
|
||||
@ -980,8 +979,10 @@ static int set_expected_rtp_rtcp(struct sk_buff *skb, unsigned int protoff,
|
||||
goto err1;
|
||||
}
|
||||
|
||||
if (skip_expect)
|
||||
if (skip_expect) {
|
||||
rcu_read_unlock();
|
||||
return NF_ACCEPT;
|
||||
}
|
||||
|
||||
rtp_exp = nf_ct_expect_alloc(ct);
|
||||
if (rtp_exp == NULL)
|
||||
@ -1012,6 +1013,7 @@ static int set_expected_rtp_rtcp(struct sk_buff *skb, unsigned int protoff,
|
||||
err2:
|
||||
nf_ct_expect_put(rtp_exp);
|
||||
err1:
|
||||
rcu_read_unlock();
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user