evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf

Browse source 
Pablo Neira Ayuso says:

====================
The following patchset contains Netfilter fixes for your net tree,
they are:

* Fix potential NULL dereference in the socket match if revision 0
  is used, from Eric Dumazet.

* Fix missing expectation NAT initialization that results in dumping
  the NAT part via ctnetlink, thus leading to problems in expectation
  synchronization through conntrackd, from myself.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller 2013-07-22 14:32:39 -07:00
commit 7bd04bcf91
2 changed files with 12 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
net/netfilter/nf_conntrack_expect.c
View file

@ -293,6 +293,11 @@ void nf_ct_expect_init(struct nf_conntrack_expect *exp, unsigned int class,
sizeof(exp->tuple.dst.u3) - len); sizeof(exp->tuple.dst.u3) - len);
exp->tuple.dst.u.all = *dst; exp->tuple.dst.u.all = *dst;
#ifdef CONFIG_NF_NAT_NEEDED
memset(&exp->saved_addr, 0, sizeof(exp->saved_addr));
memset(&exp->saved_proto, 0, sizeof(exp->saved_proto));
#endif
} }
EXPORT_SYMBOL_GPL(nf_ct_expect_init); EXPORT_SYMBOL_GPL(nf_ct_expect_init);

10
net/netfilter/xt_socket.c
View file

@ -172,7 +172,7 @@ socket_match(const struct sk_buff *skb, struct xt_action_param *par,
/* Ignore non-transparent sockets, /* Ignore non-transparent sockets,
if XT_SOCKET_TRANSPARENT is used */ if XT_SOCKET_TRANSPARENT is used */
if (info && info->flags & XT_SOCKET_TRANSPARENT) if (info->flags & XT_SOCKET_TRANSPARENT)
transparent = ((sk->sk_state != TCP_TIME_WAIT && transparent = ((sk->sk_state != TCP_TIME_WAIT &&
inet_sk(sk)->transparent) || inet_sk(sk)->transparent) ||
(sk->sk_state == TCP_TIME_WAIT && (sk->sk_state == TCP_TIME_WAIT &&
@ -196,7 +196,11 @@ socket_match(const struct sk_buff *skb, struct xt_action_param *par,
static bool static bool
socket_mt4_v0(const struct sk_buff *skb, struct xt_action_param *par) socket_mt4_v0(const struct sk_buff *skb, struct xt_action_param *par)
{ {
return socket_match(skb, par, NULL); static struct xt_socket_mtinfo1 xt_info_v0 = {
.flags = 0,
};
return socket_match(skb, par, &xt_info_v0);
} }
static bool static bool
@ -314,7 +318,7 @@ socket_mt6_v1_v2(const struct sk_buff *skb, struct xt_action_param *par)
/* Ignore non-transparent sockets, /* Ignore non-transparent sockets,
if XT_SOCKET_TRANSPARENT is used */ if XT_SOCKET_TRANSPARENT is used */
if (info && info->flags & XT_SOCKET_TRANSPARENT) if (info->flags & XT_SOCKET_TRANSPARENT)
transparent = ((sk->sk_state != TCP_TIME_WAIT && transparent = ((sk->sk_state != TCP_TIME_WAIT &&
inet_sk(sk)->transparent) || inet_sk(sk)->transparent) ||
(sk->sk_state == TCP_TIME_WAIT && (sk->sk_state == TCP_TIME_WAIT &&