Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp5595248imu;
        Mon, 26 Nov 2018 02:43:44 -0800 (PST)
X-Google-Smtp-Source: AFSGD/WLvE5j/V+FMqh1qbGaYa+T/9tdrOWl0yWPSs6kP6hVbUVcuMWmwviOtJAScii3XWx5tSYX
X-Received: by 2002:a17:902:bc43:: with SMTP id t3mr20370894plz.124.1543229024044;
        Mon, 26 Nov 2018 02:43:44 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1543229024; cv=none;
        d=google.com; s=arc-20160816;
        b=FEZH3ue1KhVoRjYyUCi4H7INVstkPbqKgsGelHvOfe4Kh8OEcc8freSTX2nLSTcwMY
         4+ZEjMCp1aI6IzjqetcGwZUZcPTBMIMRbiiuuPEWSwqNMj7ci0oZUabekUoOw194Mtaj
         ECb4NBEYwkQ1ySu5n5xe/CYwStd/E5J0RN8wOjduWea4dbrhvn3yEK1yDTWeSuTKTp2u
         gr/m3Kve1QkoO1yqAWfcOmn4NgdgSHEr2R1qG//CNxBrp9GBvnwvcR2AswcpmRFw3vob
         zcPtddDn+LxQzqxM6zO8wndtK4xWdsTjw5PZZrOKfJp01gzIT7rgT/YGNw3BlMmIpFsl
         a3nw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=eFhC6ly3YeGr5f1y+9JdQzvSGr7kMTcjQbQn5uq7z00=;
        b=YNathtI1yymhkUv20ztSB+cnUMO2UOVUtRLGhLPRzbBOUROS5FU/yZ5lwPC9KIaMwB
         9wnjIrRoCNxeRI7Zv2XO+25+nSp1iEYKg7cfHqpEpIpqzuqJq++qfUWL/HoUhL4akwt6
         7dd2YgPL00Xm5KiFtRKupKhxF42V3U5/2anJGxkY3rXfkqlQip+/v3ZQaSuMf8vWQQzZ
         1NJbRoRCJk2eqN7RbqZ8RqhK2G1hz0WRPhXMCmKdVd4Q2FTHLospneLFKARCwbN8r/0Z
         91TEFQnwqQmOZFVpZ5H0SeOWpL3wRFF3G7yixhjd/SfgCgffF7Tvy9InmoZuVyFsmYqs
         HsvQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@163.com header.s=s110527 header.b=TWPEmLFh;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id n1si61579221pgh.172.2018.11.26.02.43.28;
        Mon, 26 Nov 2018 02:43:44 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@163.com header.s=s110527 header.b=TWPEmLFh;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726363AbeKZVgd (ORCPT <rfc822;uzarths@gmail.com> + 99 others);
        Mon, 26 Nov 2018 16:36:33 -0500
Received: from m12-11.163.com ([220.181.12.11]:59725 "EHLO m12-11.163.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726138AbeKZVgd (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 26 Nov 2018 16:36:33 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com;
        s=s110527; h=From:Subject:Date:Message-Id; bh=eFhC6ly3YeGr5f1y+9
        JdQzvSGr7kMTcjQbQn5uq7z00=; b=TWPEmLFhQvVf6oEdODi0Mwa1/c/UAqjFVd
        ZO1hmt/0viTycDV8oH8Dga8cuXBqsOCC1DAj/Syh8EnrvWLX8UbqooVLgDx/w6pW
        p8P5MjAnhceEJMtjCUtUmUM3INfyRpFmgzOybEwdE7+DgkDBX56oFVVdWyvvdxby
        GoxfJ8nJY=
Received: from bp.localdomain (unknown [106.120.213.96])
        by smtp7 (Coremail) with SMTP id C8CowAB3MpEDzvtbwzoECA--.47616S3;
        Mon, 26 Nov 2018 18:42:13 +0800 (CST)
From:   Pan Bian <bianpan2016@163.com>
To:     Pablo Neira Ayuso <pablo@netfilter.org>,
        Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>,
        Florian Westphal <fw@strlen.de>,
        "David S. Miller" <davem@davemloft.net>
Cc:     Stefano Brivio <sbrivio@redhat.com>,
        netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
        netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
        Pan Bian <bianpan2016@163.com>
Subject: [PATCH] netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel
Date:   Mon, 26 Nov 2018 18:42:10 +0800
Message-Id: <1543228930-103509-1-git-send-email-bianpan2016@163.com>
X-Mailer: git-send-email 2.7.4
X-CM-TRANSID: C8CowAB3MpEDzvtbwzoECA--.47616S3
X-Coremail-Antispam: 1Uf129KBjvdXoWrZryxuw4xCFW3ur4rZFW8Zwb_yoWDXFb_Ja
        4kta40kF1rKFZaga1UAayxZr4xtw1fJFyxJFyIq39Fvwn8G34qka4vqFsxZr15G3y2kry7
        KrnYgry5t3yYvjkaLaAFLSUrUUUUUb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT
        9fnUUvcSsGvfC2KfnxnUUI43ZEXa7IUneMKJUUUUU==
X-Originating-IP: [106.120.213.96]
X-CM-SenderInfo: held01tdqsiiqw6rljoofrz/1tbiDgULclXlpmxgBQAAst
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

In the error handling block, nla_nest_cancel(skb, atd) is called to
cancel the nest operation. But then, ipset_nest_end(skb, atd) is
unexpected called to end the nest operation. This patch calls the
ipset_nest_end only on the branch that nla_nest_cancel is
not called.

Fixes: 45040978c89("netfilter: ipset: Fix set:list type crash when
flush/dump set in parallel")

Signed-off-by: Pan Bian <bianpan2016@163.com>
---
 net/netfilter/ipset/ip_set_list_set.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/netfilter/ipset/ip_set_list_set.c b/net/netfilter/ipset/ip_set_list_set.c
index 4eef55d..8da228d 100644
--- a/net/netfilter/ipset/ip_set_list_set.c
+++ b/net/netfilter/ipset/ip_set_list_set.c
@@ -531,8 +531,8 @@ list_set_list(const struct ip_set *set,
 		ret = -EMSGSIZE;
 	} else {
 		cb->args[IPSET_CB_ARG0] = i;
+		ipset_nest_end(skb, atd);
 	}
-	ipset_nest_end(skb, atd);
 out:
 	rcu_read_unlock();
 	return ret;
-- 
2.7.4