[PATCH 09/10] nf_nat: Fixes invalid access due to reallocating extension area

Yasuyuki KOZAKAI yasuyuki.kozakai at toshiba.co.jp
Mon Jun 25 05:15:38 CEST 2007


ct_extend_add called in nf_conntrack_alter_reply can reallocate the
extension area and the pointer to the private area for NAT can be changed.

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai at toshiba.co.jp>
---
 net/ipv4/netfilter/nf_nat_core.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index dea4ab1..4e4fad7 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -297,7 +297,6 @@ nf_nat_setup_info(struct nf_conn *ct,
 			return NF_ACCEPT;
 		}
 	}
-	info = &nat->info;
 
 	NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING ||
 		     hooknum == NF_IP_POST_ROUTING ||
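Review bot: dropping `info = &nat->info;` here fixes the cached `info`, but the function-scope `nat` it was derived from (the `nfct_nat(ct)` / `nf_ct_ext_add` result checked just above, before the `return NF_ACCEPT;`) is equally stale once nf_conntrack_alter_reply has moved the extension area, and nothing in this hunk drops or re-derives it. Please check every use of `nat` in nf_nat_setup_info after the alter_reply call and re-derive it with `nfct_nat(ct)` (as the second hunk does for `info`), or restrict `nat` to the extension-add check at function entry; otherwise the same use-after-reallocation remains for those accesses. Also confirm that `info` is not read anywhere between this point and its new assignment under nf_nat_lock, since it is now unassigned across that whole range.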
@@ -335,6 +334,8 @@ nf_nat_setup_info(struct nf_conn *ct,
 
 		srchash = hash_by_src(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
 		write_lock_bh(&nf_nat_lock);
+		/* nf_conntrack_alter_reply might re-allocate exntension aera */
+		info = &nfct_nat(ct)->info;
 		info->ct = ct;
 		list_add(&info->bysource, &bysource[srchash]);
 		write_unlock_bh(&nf_nat_lock);
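Review bot: the added comment `/* nf_conntrack_alter_reply might re-allocate exntension aera */` carries two typos; it should read `extension area`. Beyond that, the re-derivation `info = &nfct_nat(ct)->info;` only happens inside the `if (have_to_hash)` block, so if `info` is used after the alter_reply call on the path where have_to_hash is false it still points into freed memory; if no such use exists, a one-line comment saying so (or moving the re-derivation to just after the alter_reply call, outside the lock) would make the invariant explicit. `nfct_nat(ct)` cannot be NULL here, since the NAT extension was added or verified at function entry, so the unchecked dereference is fine.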
-- 
1.5.2.2
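As an added illustration, not code from this patch or from the kernel, the C model below reproduces the failure the commit message describes: a per-connection extension area that is moved when a further extension is appended, a pointer to the NAT private area cached before that happens, and the re-derive-after-the-call pattern the patch adopts. Everything prefixed `model_` is hypothetical; the real `nf_ct_ext` layout, `nf_conntrack_alter_reply` and the helper extension it may attach are only approximated (the model always moves the block when it grows, whereas the kernel allocator may or may not, which is exactly why the original code appeared to work most of the time).

```c
/* Added example, not part of the patch or of netfilter. Hypothetical model
 * of a growable per-connection extension area and of a pointer into it
 * cached across a call that may reallocate the area. */
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

struct model_nat_info {          /* stands in for struct nf_nat_info */
	void *ct;
};

struct model_ext {               /* one contiguous block for all extensions */
	size_t len;                  /* bytes used in data[] */
	size_t nat_off;              /* offset of the NAT area, or (size_t)-1 */
	unsigned char data[];
};

struct model_conn {              /* stands in for struct nf_conn */
	struct model_ext *ext;
};

/* Like nfct_nat(): derive the NAT area from the conntrack every time. */
static struct model_nat_info *model_nfct_nat(struct model_conn *ct)
{
	if (!ct->ext || ct->ext->nat_off == (size_t)-1)
		return NULL;
	return (struct model_nat_info *)(ct->ext->data + ct->ext->nat_off);
}

/* Like ct_extend_add() when the block must grow: allocate a new block,
 * copy the old contents, free the old block. This always moves, so any
 * pointer cached into the old block is dangling afterwards.
 * Returns the offset of the new area in data[], or -1 on failure. */
static long model_ext_add(struct model_conn *ct, size_t size)
{
	size_t old_len = ct->ext ? ct->ext->len : 0;
	struct model_ext *n = malloc(sizeof(*n) + old_len + size);

	if (!n)
		return -1;
	if (ct->ext) {
		memcpy(n, ct->ext, sizeof(*n) + old_len);
		free(ct->ext);
	} else {
		n->nat_off = (size_t)-1;
	}
	n->len = old_len + size;
	memset(n->data + old_len, 0, size);
	ct->ext = n;
	return (long)old_len;
}

/* Stand-in for nf_conntrack_alter_reply(): the kernel version may attach a
 * helper extension, which is what triggers the reallocation. The helper
 * size (64) is arbitrary. */
static int model_alter_reply(struct model_conn *ct)
{
	return model_ext_add(ct, 64) < 0 ? -1 : 0;
}

static int model_add_nat_ext(struct model_conn *ct)
{
	long off = model_ext_add(ct, sizeof(struct model_nat_info));

	if (off < 0)
		return -1;
	ct->ext->nat_off = (size_t)off;
	return 0;
}

/* The pattern the patch removes: cache info, then call alter_reply.
 * Returns 1 if the cached pointer no longer matches the live NAT area.
 * The stale pointer is only compared, never dereferenced. */
int model_cached_pointer_goes_stale(void)
{
	struct model_conn ct = { NULL };
	struct model_nat_info *info;
	int stale;

	if (model_add_nat_ext(&ct) < 0)
		return -1;
	info = model_nfct_nat(&ct);            /* cached before the call */
	if (model_alter_reply(&ct) < 0) {
		free(ct.ext);
		return -1;
	}
	stale = (info != model_nfct_nat(&ct));
	free(ct.ext);
	return stale;
}

/* The pattern the patch adopts: re-derive after alter_reply, then write.
 * Returns 1 if the write is visible through a fresh model_nfct_nat(). */
int model_rederived_pointer_is_live(void)
{
	struct model_conn ct = { NULL };
	struct model_nat_info *info;
	int ok;

	if (model_add_nat_ext(&ct) < 0)
		return -1;
	if (model_alter_reply(&ct) < 0) {
		free(ct.ext);
		return -1;
	}
	info = model_nfct_nat(&ct);            /* re-derived, as in the patch */
	info->ct = &ct;
	ok = (model_nfct_nat(&ct)->ct == &ct);
	free(ct.ext);
	return ok;
}
```

The two entry points return 1 for "cached pointer is stale" and "re-derived pointer is live" respectively; the model allocates the new block before freeing the old one, so the two addresses can never coincide and the staleness is deterministic rather than allocator-dependent as it is in the kernel.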



