diff options
| author | Eric Dumazet <edumazet@google.com> | 2013-07-11 22:22:19 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-07-15 05:15:21 -0400 |
| commit | baf60efa585c78b269f0097288868a51ccc61f55 (patch) | |
| tree | 8d9202c8b44038254c87f7f03f887073bc976a7c /net | |
| parent | f09eca8db0184aeb6b9718a987cfb3653ad7c4ae (diff) | |
netfilter: xt_socket: fix broken v0 support
commit 681f130f39e10 ("netfilter: xt_socket: add XT_SOCKET_NOWILDCARD
flag") added a potential NULL dereference if an old iptables package
uses v0 of the match.
Fix this by removing the test on @info in fast path.
IPv6 can remove the test as well, as it uses v1 or v2.
Reported-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/xt_socket.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/net/netfilter/xt_socket.c b/net/netfilter/xt_socket.c index f8b71911037a..20b15916f403 100644 --- a/net/netfilter/xt_socket.c +++ b/net/netfilter/xt_socket.c | |||
| @@ -172,7 +172,7 @@ socket_match(const struct sk_buff *skb, struct xt_action_param *par, | |||
| 172 | 172 | ||
| 173 | /* Ignore non-transparent sockets, | 173 | /* Ignore non-transparent sockets, |
| 174 | if XT_SOCKET_TRANSPARENT is used */ | 174 | if XT_SOCKET_TRANSPARENT is used */ |
| 175 | if (info && info->flags & XT_SOCKET_TRANSPARENT) | 175 | if (info->flags & XT_SOCKET_TRANSPARENT) |
| 176 | transparent = ((sk->sk_state != TCP_TIME_WAIT && | 176 | transparent = ((sk->sk_state != TCP_TIME_WAIT && |
| 177 | inet_sk(sk)->transparent) || | 177 | inet_sk(sk)->transparent) || |
| 178 | (sk->sk_state == TCP_TIME_WAIT && | 178 | (sk->sk_state == TCP_TIME_WAIT && |
| @@ -196,7 +196,11 @@ socket_match(const struct sk_buff *skb, struct xt_action_param *par, | |||
| 196 | static bool | 196 | static bool |
| 197 | socket_mt4_v0(const struct sk_buff *skb, struct xt_action_param *par) | 197 | socket_mt4_v0(const struct sk_buff *skb, struct xt_action_param *par) |
| 198 | { | 198 | { |
| 199 | return socket_match(skb, par, NULL); | 199 | static struct xt_socket_mtinfo1 xt_info_v0 = { |
| 200 | .flags = 0, | ||
| 201 | }; | ||
| 202 | |||
| 203 | return socket_match(skb, par, &xt_info_v0); | ||
| 200 | } | 204 | } |
| 201 | 205 | ||
| 202 | static bool | 206 | static bool |
| @@ -314,7 +318,7 @@ socket_mt6_v1_v2(const struct sk_buff *skb, struct xt_action_param *par) | |||
| 314 | 318 | ||
| 315 | /* Ignore non-transparent sockets, | 319 | /* Ignore non-transparent sockets, |
| 316 | if XT_SOCKET_TRANSPARENT is used */ | 320 | if XT_SOCKET_TRANSPARENT is used */ |
| 317 | if (info && info->flags & XT_SOCKET_TRANSPARENT) | 321 | if (info->flags & XT_SOCKET_TRANSPARENT) |
| 318 | transparent = ((sk->sk_state != TCP_TIME_WAIT && | 322 | transparent = ((sk->sk_state != TCP_TIME_WAIT && |
| 319 | inet_sk(sk)->transparent) || | 323 | inet_sk(sk)->transparent) || |
| 320 | (sk->sk_state == TCP_TIME_WAIT && | 324 | (sk->sk_state == TCP_TIME_WAIT && |