openkylin
/
linux
mirror of https://gitee.com/openkylin/linux.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 

Pablo Neira Ayuso says:

====================
The following patchset contains Netfilter fixes for your net tree,
they are:

* Fix potential NULL dereference in the socket match if revision 0
  is used, from Eric Dumazet.

* Fix missing expectation NAT initialization that results in dumping
  the NAT part via ctnetlink, thus leading to problems in expectation
  synchronization through conntrackd, from myself.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller 2013-07-22 14:32:39 -07:00
parent f5f7ab6785 baf60efa58
commit 7bd04bcf91
2 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
net/netfilter/nf_conntrack_expect.c
View File

@ -293,6 +293,11 @@ void nf_ct_expect_init(struct nf_conntrack_expect *exp, unsigned int class,
sizeof(exp->tuple.dst.u3) - len);
exp->tuple.dst.u.all = *dst;
#ifdef CONFIG_NF_NAT_NEEDED
memset(&exp->saved_addr, 0, sizeof(exp->saved_addr));
memset(&exp->saved_proto, 0, sizeof(exp->saved_proto));
#endif
}
EXPORT_SYMBOL_GPL(nf_ct_expect_init);

10
net/netfilter/xt_socket.c
View File

@ -172,7 +172,7 @@ socket_match(const struct sk_buff *skb, struct xt_action_param *par,
/* Ignore non-transparent sockets,
if XT_SOCKET_TRANSPARENT is used */
if (info && info->flags & XT_SOCKET_TRANSPARENT)
if (info->flags & XT_SOCKET_TRANSPARENT)
transparent = ((sk->sk_state != TCP_TIME_WAIT &&
inet_sk(sk)->transparent) ||
(sk->sk_state == TCP_TIME_WAIT &&
@ -196,7 +196,11 @@ socket_match(const struct sk_buff *skb, struct xt_action_param *par,
static bool
socket_mt4_v0(const struct sk_buff *skb, struct xt_action_param *par)
{
return socket_match(skb, par, NULL);
static struct xt_socket_mtinfo1 xt_info_v0 = {
.flags = 0,
};
return socket_match(skb, par, &xt_info_v0);
}
static bool
@ -314,7 +318,7 @@ socket_mt6_v1_v2(const struct sk_buff *skb, struct xt_action_param *par)
/* Ignore non-transparent sockets,
if XT_SOCKET_TRANSPARENT is used */
if (info && info->flags & XT_SOCKET_TRANSPARENT)
if (info->flags & XT_SOCKET_TRANSPARENT)
transparent = ((sk->sk_state != TCP_TIME_WAIT &&
inet_sk(sk)->transparent) ||
(sk->sk_state == TCP_TIME_WAIT &&