netfilter: layer7 fix wrong fuzzy match change

patch has applied one hunk to a wrong place.
This result in double free and crash the kernel.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index c2254fcf298aac7a7d888e41aa565dc7616dccea..3185748997c01443049556b801a4dde2c480b283 100644 (file)
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -346,13 +346,6 @@ static void nf_ct_del_from_dying_or_unconfirmed_list(struct nf_conn *ct)
 {
        struct ct_pcpu *pcpu;
 
-#if defined(CONFIG_NETFILTER_XT_MATCH_LAYER7) || defined(CONFIG_NETFILTER_XT_MATCH_LAYER7_MODULE)
-       if(ct->layer7.app_proto)
-               kfree(ct->layer7.app_proto);
-       if(ct->layer7.app_data)
-               kfree(ct->layer7.app_data);
-#endif
-
        /* We overload first tuple to link into unconfirmed or dying list.*/
        pcpu = per_cpu_ptr(nf_ct_net(ct)->ct.pcpu_lists, ct->cpu);
 
@@ -434,6 +427,13 @@ destroy_conntrack(struct nf_conntrack *nfct)
         */
        nf_ct_remove_expectations(ct);
 
+#if defined(CONFIG_NETFILTER_XT_MATCH_LAYER7) || defined(CONFIG_NETFILTER_XT_MATCH_LAYER7_MODULE)
+       if(ct->layer7.app_proto)
+               kfree(ct->layer7.app_proto);
+       if(ct->layer7.app_data)
+               kfree(ct->layer7.app_data);
+#endif
+
        nf_ct_del_from_dying_or_unconfirmed_list(ct);
 
        local_bh_enable();