diff options
| author | Calvin Owens <calvinowens@fb.com> | 2014-11-04 19:37:40 -0500 |
|---|---|---|
| committer | Simon Horman <horms@verge.net.au> | 2014-11-11 21:03:04 -0500 |
| commit | 50656d9df63d69ce399c8be62d4473b039dac36a (patch) | |
| tree | 61c9758c73655b8ee3f23a7b40c0594493d31d2c /net | |
| parent | 2196937e12b1b4ba139806d132647e1651d655df (diff) | |
ipvs: Keep skb->sk when allocating headroom on tunnel xmit
ip_vs_prepare_tunneled_skb() ignores ->sk when allocating a new
skb, either unconditionally setting ->sk to NULL or allowing
the uninitialized ->sk from a newly allocated skb to leak through
to the caller.
This patch properly copies ->sk and increments its reference count.
Signed-off-by: Calvin Owens <calvinowens@fb.com>
Acked-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/ipvs/ip_vs_xmit.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c index 437a3663ad03..bd90bf8107da 100644 --- a/net/netfilter/ipvs/ip_vs_xmit.c +++ b/net/netfilter/ipvs/ip_vs_xmit.c | |||
| @@ -846,6 +846,8 @@ ip_vs_prepare_tunneled_skb(struct sk_buff *skb, int skb_af, | |||
| 846 | new_skb = skb_realloc_headroom(skb, max_headroom); | 846 | new_skb = skb_realloc_headroom(skb, max_headroom); |
| 847 | if (!new_skb) | 847 | if (!new_skb) |
| 848 | goto error; | 848 | goto error; |
| 849 | if (skb->sk) | ||
| 850 | skb_set_owner_w(new_skb, skb->sk); | ||
| 849 | consume_skb(skb); | 851 | consume_skb(skb); |
| 850 | skb = new_skb; | 852 | skb = new_skb; |
| 851 | } | 853 | } |