netfilter: x_tables: don't return garbage pointer on modprobe failure
authorFlorian Westphal <fw@strlen.de>
Sat, 13 Jan 2018 13:06:08 +0000 (14:06 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 16 Jan 2018 00:51:59 +0000 (01:51 +0100)
request_module may return a positive error result from modprobe,
if we cast this to ERR_PTR this returns a garbage result (it passes
IS_ERR checks).

Fix it by ignoring modprobe return values entirely, just retry the
table lookup instead.

Reported-by: syzbot+980925dbfbc7f93bc2ef@syzkaller.appspotmail.com
Fixes: 03d13b6868a2 ("netfilter: xtables: add and use xt_request_find_table_lock")
Fixes: 20651cefd25f ("netfilter: x_tables: unbreak module auto loading")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/x_tables.c

index 5b8f3b7358e659c43c586f738e2bb211b2b7c849..3c2548787d781a5d0c36ed3e38ebd6a481e254bd 100644 (file)
@@ -1085,7 +1085,7 @@ struct xt_table *xt_request_find_table_lock(struct net *net, u_int8_t af,
 #ifdef CONFIG_MODULES
        if (IS_ERR(t)) {
                int err = request_module("%stable_%s", xt_prefix[af], name);
-               if (err)
+               if (err < 0)
                        return ERR_PTR(err);
                t = xt_find_table_lock(net, af, name);
        }