tproxy: fixe a possible read from an invalid location in the socket match

TIME_WAIT sockets need to be handled specially, and the socket match
casted inet_timewait_sock instances to inet_sock, which are not
compatible.

Handle this special case by checking sk->sk_state.

Signed-off-by: Balazs Scheidler <bazsi@balabit.hu>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Balazs Scheidler 2008-12-07 23:53:46 -08:00 committed by David S. Miller
parent 0a0755c9fe
commit c49b9f295e

View File

@ -141,7 +141,7 @@ socket_mt(const struct sk_buff *skb, const struct xt_match_param *par)
sk = nf_tproxy_get_sock_v4(dev_net(skb->dev), protocol,
saddr, daddr, sport, dport, par->in, false);
if (sk != NULL) {
bool wildcard = (inet_sk(sk)->rcv_saddr == 0);
bool wildcard = (sk->sk_state != TCP_TIME_WAIT && inet_sk(sk)->rcv_saddr == 0);
nf_tproxy_put_sock(sk);
if (wildcard)