author | John Stultz <john.stultz@linaro.org> | 2016-04-22 17:12:57 -0700 |
---|---|---|
committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2016-07-28 19:49:09 -0700 |
commit | 52d2c42bc4044dd0f78f4b1e35c3010c8b9e6b18 (patch) | |
tree | c0f8bd8a518e33bb23484bc6eaad4cb33ce765db /net/ipx | |
parent | 843033e0053b21a7656e2ff1ded3a1d157620d6e (diff) |
xt_qtaguid: Fix panic caused by synack processing

In upstream commit ca6fb06518836ef9b65dc0aac02ff97704d52a05
(tcp: attach SYNACK messages to request sockets instead of
listener)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca6fb0651883

The building of synack messages was changed, which made it so
the skb->sk points to a casted request_sock. This is problematic,
as there is no sk_socket in a request_sock. So when the qtaguid_mt
function tries to access the sk->sk_socket, it accesses uninitialized
memory.

After looking at how other netfilter implementations handle this,
I realized there was a skb_to_full_sk() helper added, which the
xt_qtaguid code isn't yet using.

This patch adds its use, and resolves panics seen when accessing
uninitialized memory when processing synack packets.

Change-Id: Id0dbb7853aba221c1926e44616524fed90677602
CRs-Fixed: 1035969
Reported-by: YongQin Liu <yongquin.liu@linaro.org>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Git-commit: 4e461c777e345727aa2988377774c996d303ac46
Git-repo: https://android.googlesource.com/kernel/common/
Signed-off-by: Bryse Flowers <bflowers@codeaurora.org>
Diffstat (limited to 'net/ipx')
0 files changed, 0 insertions, 0 deletions
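
The pattern the commit message describes, as an added userspace model (not code from this patch or from the kernel): a SYNACK's `skb->sk` is really a request socket, so it has to be mapped to its listener before `sk_socket` is read. The struct layouts, the `owner_uid` field, `match_owner_uid()` and the two `demo_*` functions are simplified assumptions made for illustration.

```c
#include <stddef.h>

/* Userspace model. Layouts are simplified stand-ins for the kernel structs. */
enum { TCP_LISTEN = 10, TCP_NEW_SYN_RECV = 12 };

struct socket { int owner_uid; };             /* constructed stand-in */
struct sock_common { int skc_state; };        /* header shared by all flavours */
struct sock {                                 /* full socket */
    struct sock_common common;
    struct socket *sk_socket;
};
struct request_sock {                         /* mini socket: no sk_socket */
    struct sock_common common;
    struct sock *rsk_listener;
};
struct sk_buff { struct sock *sk; };          /* may really be a request_sock */

/* Model of skb_to_full_sk(): map a request socket to its listener. */
static struct sock *skb_to_full_sk(const struct sk_buff *skb)
{
    struct sock *sk = skb->sk;
    /* Only the shared header may be read before the flavour is known. */
    if (sk && ((struct sock_common *)sk)->skc_state == TCP_NEW_SYN_RECV)
        sk = ((struct request_sock *)sk)->rsk_listener;
    return sk;
}

/* Hypothetical match helper: owning uid, or -1 when no full socket exists. */
static int match_owner_uid(const struct sk_buff *skb)
{
    struct sock *sk = skb_to_full_sk(skb);
    if (!sk || !sk->sk_socket)
        return -1;
    return sk->sk_socket->owner_uid;
}

/* Constructed SYNACK: skb->sk is a request_sock cast to struct sock *. */
int demo_synack_uid(void)
{
    struct socket so = { 10123 };
    struct sock listener = { { TCP_LISTEN }, &so };
    struct request_sock req = { { TCP_NEW_SYN_RECV }, &listener };
    struct sk_buff synack = { (struct sock *)&req };
    return match_owner_uid(&synack);
}

/* Constructed packet with no socket attached at all. */
int demo_no_socket_uid(void)
{
    struct sk_buff skb = { NULL };
    return match_owner_uid(&skb);
}
```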