Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf

Pablo Neira Ayuso says: ==================== The following patchset contains Netfilter fixes for your net tree, they are: * Fix potential NULL dereference in the socket match if revision 0 is used, from Eric Dumazet. * Fix missing expectation NAT initialization that results in dumping the NAT part via ctnetlink, thus leading to problems in expectation synchronization through conntrackd, from myself. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2013-07-22 17:32:39 -0400
committer: David S. Miller <davem@davemloft.net> 2013-07-22 17:32:39 -0400
commit: 7bd04bcf91e77bd0fe01c180546aacab4c7934be (patch)
tree: ac8a84f1ab026998dfae0f95f0057756cc650681
parent: f5f7ab6785ec15b8b95750c0dd590ca3aeb49248 (diff)
parent: baf60efa585c78b269f0097288868a51ccc61f55 (diff)
2 files changed, 12 insertions, 3 deletions
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
index c63b618cd619..4fd1ca94fd4a 100644
--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -293,6 +293,11 @@ void nf_ct_expect_init(struct nf_conntrack_expect *exp, unsigned int class,
                       sizeof(exp->tuple.dst.u3) - len);
        exp->tuple.dst.u.all = *dst;
+#ifdef CONFIG_NF_NAT_NEEDED
+        memset(&exp->saved_addr, 0, sizeof(exp->saved_addr));
+        memset(&exp->saved_proto, 0, sizeof(exp->saved_proto));
+#endif
 }
 EXPORT_SYMBOL_GPL(nf_ct_expect_init);
diff --git a/net/netfilter/xt_socket.c b/net/netfilter/xt_socket.c
index f8b71911037a..20b15916f403 100644
--- a/net/netfilter/xt_socket.c
+++ b/net/netfilter/xt_socket.c
@@ -172,7 +172,7 @@ socket_match(const struct sk_buff *skb, struct xt_action_param *par,
                /* Ignore non-transparent sockets,
                   if XT_SOCKET_TRANSPARENT is used */
-                if (info && info->flags & XT_SOCKET_TRANSPARENT)
+                if (info->flags & XT_SOCKET_TRANSPARENT)
                        transparent = ((sk->sk_state != TCP_TIME_WAIT &&
                                        inet_sk(sk)->transparent) ||
                                       (sk->sk_state == TCP_TIME_WAIT &&
@@ -196,7 +196,11 @@ socket_match(const struct sk_buff *skb, struct xt_action_param *par,
 static bool
 socket_mt4_v0(const struct sk_buff *skb, struct xt_action_param *par)
 {
-        return socket_match(skb, par, NULL);
+        static struct xt_socket_mtinfo1 xt_info_v0 = {
+                .flags = 0,
+        };
+        return socket_match(skb, par, &xt_info_v0);
 }
 static bool
@@ -314,7 +318,7 @@ socket_mt6_v1_v2(const struct sk_buff *skb, struct xt_action_param *par)
                /* Ignore non-transparent sockets,
                   if XT_SOCKET_TRANSPARENT is used */
-                if (info && info->flags & XT_SOCKET_TRANSPARENT)
+                if (info->flags & XT_SOCKET_TRANSPARENT)
                        transparent = ((sk->sk_state != TCP_TIME_WAIT &&
                                        inet_sk(sk)->transparent) ||
                                       (sk->sk_state == TCP_TIME_WAIT &&
author	David S. Miller <davem@davemloft.net>	2013-07-22 17:32:39 -0400
committer	David S. Miller <davem@davemloft.net>	2013-07-22 17:32:39 -0400
commit	7bd04bcf91e77bd0fe01c180546aacab4c7934be (patch)
tree	ac8a84f1ab026998dfae0f95f0057756cc650681
parent	f5f7ab6785ec15b8b95750c0dd590ca3aeb49248 (diff)
parent	baf60efa585c78b269f0097288868a51ccc61f55 (diff)