tproxy: fixe a possible read from an invalid location in the socket match

TIME_WAIT sockets need to be handled specially, and the socket match casted inet_timewait_sock instances to inet_sock, which are not compatible. Handle this special case by checking sk->sk_state. Signed-off-by: Balazs Scheidler <bazsi@balabit.hu> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Balazs Scheidler <bazsi@balabit.hu> 2008-12-08 02:53:46 -0500
committer: David S. Miller <davem@davemloft.net> 2008-12-08 02:53:46 -0500
commit: c49b9f295e513753e6d9bb4444ba502f1aa59b29 (patch)
tree: ce46987a31304cf239bd8ee46afbc059cefab5dc /net/netfilter
parent: 0a0755c9fe47dc9f8271935909c66096e43efbfe (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/xt_socket.c b/net/netfilter/xt_socket.c
index 02a8fed21082..1acc089be7e9 100644
--- a/net/netfilter/xt_socket.c
+++ b/net/netfilter/xt_socket.c
@@ -141,7 +141,7 @@ socket_mt(const struct sk_buff *skb, const struct xt_match_param *par)
        sk = nf_tproxy_get_sock_v4(dev_net(skb->dev), protocol,
                                   saddr, daddr, sport, dport, par->in, false);
        if (sk != NULL) {
-                bool wildcard = (inet_sk(sk)->rcv_saddr == 0);
+                bool wildcard = (sk->sk_state != TCP_TIME_WAIT && inet_sk(sk)->rcv_saddr == 0);
                nf_tproxy_put_sock(sk);
                if (wildcard)
author	Balazs Scheidler <bazsi@balabit.hu>	2008-12-08 02:53:46 -0500
committer	David S. Miller <davem@davemloft.net>	2008-12-08 02:53:46 -0500
commit	c49b9f295e513753e6d9bb4444ba502f1aa59b29 (patch)
tree	ce46987a31304cf239bd8ee46afbc059cefab5dc /net/netfilter
parent	0a0755c9fe47dc9f8271935909c66096e43efbfe (diff)

diff --git a/net/netfilter/xt_socket.c b/net/netfilter/xt_socket.c index 02a8fed21082..1acc089be7e9 100644 --- a/net/netfilter/xt_socket.c +++ b/net/netfilter/xt_socket.c
@@ -141,7 +141,7 @@ socket_mt(const struct sk_buff skb, const struct xt_match_param par)
141	sk = nf_tproxy_get_sock_v4(dev_net(skb->dev), protocol,	141	sk = nf_tproxy_get_sock_v4(dev_net(skb->dev), protocol,
142	saddr, daddr, sport, dport, par->in, false);	142	saddr, daddr, sport, dport, par->in, false);
143	if (sk != NULL) {	143	if (sk != NULL) {
144	bool wildcard = (inet_sk(sk)->rcv_saddr == 0);	144	bool wildcard = (sk->sk_state != TCP_TIME_WAIT && inet_sk(sk)->rcv_saddr == 0);
145		145
146	nf_tproxy_put_sock(sk);	146	nf_tproxy_put_sock(sk);
147	if (wildcard)	147	if (wildcard)