openkylin
/
linux
mirror of https://gitee.com/openkylin/linux.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

netfilter: xt_TEE: fix NULL dereference 

iptables -I INPUT ... -j TEE --gateway 10.1.2.3

<crash> because --oif was not specified

tee_tg_check() sets ->priv pointer to NULL in this case.

Fixes: bbde9fc182 ("netfilter: factor out packet duplication for IPv4/IPv6")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Eric Dumazet 2015-10-19 18:02:01 -07:00 committed by Pablo Neira Ayuso
parent 104eb270e6
commit 45efccdbec
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
net/netfilter/xt_TEE.c
View File

@ -31,8 +31,9 @@ static unsigned int
tee_tg4(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct xt_tee_tginfo *info = par->targinfo;
int oif = info->priv ? info->priv->oif : 0;
nf_dup_ipv4(skb, par->hooknum, &info->gw.in, info->priv->oif);
nf_dup_ipv4(skb, par->hooknum, &info->gw.in, oif);
return XT_CONTINUE;
}
@ -42,8 +43,9 @@ static unsigned int
tee_tg6(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct xt_tee_tginfo *info = par->targinfo;
int oif = info->priv ? info->priv->oif : 0;
nf_dup_ipv6(skb, par->hooknum, &info->gw.in6, info->priv->oif);
nf_dup_ipv6(skb, par->hooknum, &info->gw.in6, oif);
return XT_CONTINUE;
}