Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
tproxy: fixe a possible read from an invalid location in the socket match
TIME_WAIT sockets need to be handled specially, and the socket match
casted inet_timewait_sock instances to inet_sock, which are not
compatible.
Handle this special case by checking sk->sk_state.
Signed-off-by: Balazs Scheidler <bazsi@balabit.hu>
Signed-off-by: David S. Miller <davem@davemloft.net>
authored by Balazs Scheidler and committed by David S. Miller c49b9f29 0a0755c9
+1
-1
net/netfilter/xt_socket.c
+1
-1
net/netfilter/xt_socket.c
···
141
141
sk = nf_tproxy_get_sock_v4(dev_net(skb->dev), protocol,
142
142
saddr, daddr, sport, dport, par->in, false);
143
143
if (sk != NULL) {
144
-
bool wildcard = (inet_sk(sk)->rcv_saddr == 0);
144
+
bool wildcard = (sk->sk_state != TCP_TIME_WAIT && inet_sk(sk)->rcv_saddr == 0);
145
145
146
146
nf_tproxy_put_sock(sk);
147
147
if (wildcard)