NETFILTER: ipt_CLUSTERIP: fix oops in checkentry function

[NETFILTER]: ipt_CLUSTERIP: fix oops in checkentry function

The clusterip_config_find_get() already increases entries reference
counter, so there is no reason to do it twice in checkentry() callback.

This causes the config to be freed before it is removed from the list,
resulting in a crash when adding the next rule.

Signed-off-by: Jaroslav Kysela <perex@suse.cz>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index b1c11160b9de2a44f663bbeaa9c2c5fd0c675852..9a37db26d276bb6e4b2bacf13c4c7d4e5a0a420c 100644 (file)
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -409,12 +409,10 @@ checkentry(const char *tablename,
                                       "has invalid config pointer!\n");
                                return 0;
                        }
-                       clusterip_config_entry_get(cipinfo->config);
                } else {
                        /* Case B: This is a new rule referring to an existing
                         * clusterip config. */
                        cipinfo->config = config;
-                       clusterip_config_entry_get(cipinfo->config);
                }
        } else {
                /* Case C: This is a completely new clusterip config */