diff options
author | Balazs Scheidler <bazsi@balabit.hu> | 2008-12-08 02:53:46 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-12-08 02:53:46 -0500 |
commit | c49b9f295e513753e6d9bb4444ba502f1aa59b29 (patch) | |
tree | ce46987a31304cf239bd8ee46afbc059cefab5dc | |
parent | 0a0755c9fe47dc9f8271935909c66096e43efbfe (diff) |
tproxy: fixe a possible read from an invalid location in the socket match
TIME_WAIT sockets need to be handled specially, and the socket match
casted inet_timewait_sock instances to inet_sock, which are not
compatible.
Handle this special case by checking sk->sk_state.
Signed-off-by: Balazs Scheidler <bazsi@balabit.hu>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/netfilter/xt_socket.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/xt_socket.c b/net/netfilter/xt_socket.c index 02a8fed21082..1acc089be7e9 100644 --- a/net/netfilter/xt_socket.c +++ b/net/netfilter/xt_socket.c | |||
@@ -141,7 +141,7 @@ socket_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
141 | sk = nf_tproxy_get_sock_v4(dev_net(skb->dev), protocol, | 141 | sk = nf_tproxy_get_sock_v4(dev_net(skb->dev), protocol, |
142 | saddr, daddr, sport, dport, par->in, false); | 142 | saddr, daddr, sport, dport, par->in, false); |
143 | if (sk != NULL) { | 143 | if (sk != NULL) { |
144 | bool wildcard = (inet_sk(sk)->rcv_saddr == 0); | 144 | bool wildcard = (sk->sk_state != TCP_TIME_WAIT && inet_sk(sk)->rcv_saddr == 0); |
145 | 145 | ||
146 | nf_tproxy_put_sock(sk); | 146 | nf_tproxy_put_sock(sk); |
147 | if (wildcard) | 147 | if (wildcard) |