Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
[NETFILTER]: Fix rcu race in ipt_REDIRECT
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
authored by Patrick McHardy and committed by David S. Miller cd0bf2d7 e7fa1bd9
+10
-6
net/ipv4/netfilter/ipt_REDIRECT.c
+10
-6
net/ipv4/netfilter/ipt_REDIRECT.c
···
88
88
newdst = htonl(0x7F000001);
89
89
else {
90
90
struct in_device *indev;
91
+
struct in_ifaddr *ifa;
91
92
92
-
/* Device might not have an associated in_device. */
93
-
indev = (struct in_device *)(*pskb)->dev->ip_ptr;
94
-
if (indev == NULL || indev->ifa_list == NULL)
93
+
newdst = 0;
94
+
95
+
rcu_read_lock();
96
+
indev = __in_dev_get((*pskb)->dev);
97
+
if (indev && (ifa = indev->ifa_list))
98
+
newdst = ifa->ifa_local;
99
+
rcu_read_unlock();
100
+
101
+
if (!newdst)
95
102
return NF_DROP;
96
-
97
-
/* Grab first address on interface. */
98
-
newdst = indev->ifa_list->ifa_local;
99
103
}
100
104
101
105
/* Transfer from original range. */