mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-11 07:39:47 +00:00
netfilter: xt_socket: check sk before checking for netns.
Only check for the network namespace if the socket is available. Fixes: f564650106a6 ("netfilter: check if the socket netns is correct.") Reported-by: Guenter Roeck <linux@roeck-us.net> Tested-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Flavio Leitner <fbl@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
421c119f55
commit
40e4f26e6a
@ -56,7 +56,7 @@ socket_match(const struct sk_buff *skb, struct xt_action_param *par,
|
||||
struct sk_buff *pskb = (struct sk_buff *)skb;
|
||||
struct sock *sk = skb->sk;
|
||||
|
||||
if (!net_eq(xt_net(par), sock_net(sk)))
|
||||
if (sk && !net_eq(xt_net(par), sock_net(sk)))
|
||||
sk = NULL;
|
||||
|
||||
if (!sk)
|
||||
@ -117,7 +117,7 @@ socket_mt6_v1_v2_v3(const struct sk_buff *skb, struct xt_action_param *par)
|
||||
struct sk_buff *pskb = (struct sk_buff *)skb;
|
||||
struct sock *sk = skb->sk;
|
||||
|
||||
if (!net_eq(xt_net(par), sock_net(sk)))
|
||||
if (sk && !net_eq(xt_net(par), sock_net(sk)))
|
||||
sk = NULL;
|
||||
|
||||
if (!sk)
|
||||
|
Loading…
x
Reference in New Issue
Block a user