From: Arne Fitzenreiter
Date: Mon, 6 Mar 2017 07:50:15 +0000 (+0100)
Subject: netfilter: layer7 fix wrong fuzzy match change
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a2fec958a8d63d1cee17029500d7e619e849a338;p=people%2Farne_f%2Fkernel.git

netfilter: layer7 fix wrong fuzzy match change

patch has applied one hunk to a wrong place. This result in double free and crash the kernel.

Signed-off-by: Arne Fitzenreiter
---
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 1b470c1f0550c..318d841301404 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -528,13 +528,6 @@ static void nf_ct_del_from_dying_or_unconfirmed_list(struct nf_conn *ct)
 {
 struct ct_pcpu *pcpu;
-#if defined(CONFIG_NETFILTER_XT_MATCH_LAYER7) || defined(CONFIG_NETFILTER_XT_MATCH_LAYER7_MODULE)
- if(ct->layer7.app_proto)
- kfree(ct->layer7.app_proto);
- if(ct->layer7.app_data)
- kfree(ct->layer7.app_data);
-#endif
-
 /* We overload first tuple to link into unconfirmed or dying list.*/
 pcpu = per_cpu_ptr(nf_ct_net(ct)->ct.pcpu_lists, ct->cpu);
@@ -624,6 +617,13 @@ destroy_conntrack(struct nf_conntrack *nfct)
 */
 nf_ct_remove_expectations(ct);
+#if defined(CONFIG_NETFILTER_XT_MATCH_LAYER7) || defined(CONFIG_NETFILTER_XT_MATCH_LAYER7_MODULE)
+ if(ct->layer7.app_proto)
+ kfree(ct->layer7.app_proto);
+ if(ct->layer7.app_data)
+ kfree(ct->layer7.app_data);
+#endif
+
 nf_ct_del_from_dying_or_unconfirmed_list(ct);
 local_bh_enable();
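Review bot: In the `destroy_conntrack()` hunk, `ct->layer7.app_proto` and `ct->layer7.app_data` are freed but the fields keep their stale values, so any other cleanup path that reaches them would repeat the double free this commit fixes. Clearing each field right after the free, e.g. `kfree(ct->layer7.app_proto); ct->layer7.app_proto = NULL;` and the same for `app_data`, makes a repeated cleanup a no-op. Since `kfree()` accepts NULL, the `if(...)` guards can be dropped at the same time. Whether other layer7 code also frees these fields is not visible in this diff, so it is worth confirming that `destroy_conntrack()` is now their only owner. The function body starts and ends outside the hunk.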