On Fri, 2017-12-22 at 09:46 +0100, Greg Kroah-Hartman wrote: > 4.4-stable review patch. If anyone has any objections, please let me know. > > ------------------ > > From: Pablo Neira Ayuso <[email protected]> > > > [ Upstream commit 2c422257550f123049552b39f7af6e3428a60f43 ] > > We only allow runtime updates of expectation policies for timeout and > maximum number of expectations, otherwise reject the update. [...] > +static int nfnl_cthelper_update_policy_all(struct nlattr *tb[], > + struct nf_conntrack_helper *helper) > +{ > + struct nf_conntrack_expect_policy new_policy[helper->expect_class_max + > 1]; > + struct nf_conntrack_expect_policy *policy; > + int i, err; > + > + /* Check first that all policy attributes are well-formed, so we don't > + * leave things in inconsistent state on errors. > + */ > + for (i = 0; i < helper->expect_class_max + 1; i++) { > + > + if (!tb[NFCTH_POLICY_SET + i]) > + return -EINVAL; > + > + err = nfnl_cthelper_update_policy_one(&helper->expect_policy[i], > + &new_policy[i], > + tb[NFCTH_POLICY_SET + i]); > + if (err < 0) > + return err; > + } > + /* Now we can safely update them. */ > + for (i = 0; i < helper->expect_class_max + 1; i++) { > + policy = (struct nf_conntrack_expect_policy *) > + &helper->expect_policy[i]; > + policy->max_expected = new_policy->max_expected; > + policy->timeout = new_policy->timeout; [...]
Shouldn't the RHS of these two assignments use new_policy[i]? Ben. -- Ben Hutchings Software Developer, Codethink Ltd.
