netfilter: xtables: fix reentrancy

[linux-flexiantxendom0-natty.git] / net / ipv6 / netfilter / ip6_tables.c

diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 7d227c6..830921e 100644 (file)
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -410,7 +410,7 @@ ip6t_do_table(struct sk_buff *skb,
                                        verdict = (unsigned)(-v) - 1;
                                        break;
                                }
-                               if (*stackptr == 0)
+                               if (*stackptr <= origptr)
                                        e = get_entry(table_base,
                                            private->underflow[hook]);
                                else
@@ -441,8 +441,8 @@ ip6t_do_table(struct sk_buff *skb,
                        break;
        } while (!acpar.hotdrop);
 
-       xt_info_rdunlock_bh();
        *stackptr = origptr;
+       xt_info_rdunlock_bh();
 
 #ifdef DEBUG_ALLOW_ALL
        return NF_ACCEPT;