netfilter: xt_qtaguid: fix crash on non-full sks
author Huang, Tao <huangtao@rock-chips.com>
Wed, 27 Apr 2016 10:34:13 +0000 (18:34 +0800)
committer Huang, Tao <huangtao@rock-chips.com>
Wed, 27 Apr 2016 10:43:41 +0000 (18:43 +0800)
If sock is request_sock then kernel will crash. So use
skb_to_full_sk() and sk_fullsock() helper to make sure
we get full sock.

Change-Id: Iefd548e0591055b1a8031f0835c4dca7b9d42b61
Signed-off-by: Huang, Tao <huangtao@rock-chips.com>
net/netfilter/xt_qtaguid.c

index e1442bfb668dbaf9ecd3f7f425cc70a49b500a1a..2596e1bf402f671ccaf1a8cb38a19533cdeff7ec 100644 (file)
@@ -1606,7 +1606,7 @@ static struct sock *qtaguid_find_sk(const struct sk_buff *skb,
                 * When in TCP_TIME_WAIT the sk is not a "struct sock" but
                 * "struct inet_timewait_sock" which is missing fields.
                 */
-               if (sk->sk_state  == TCP_TIME_WAIT) {
+               if (!sk_fullsock(sk)) {
                        sock_gen_put(sk);
                        sk = NULL;
                }
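Review bot: The comment kept above the new !sk_fullsock(sk) test in qtaguid_find_sk() still names only TCP_TIME_WAIT and "struct inet_timewait_sock", while the test now also rejects request socks, which is the case the commit message gives as the cause of the crash. Please extend the comment to mention request_sock so the reason for the broader check is visible where it is applied. This path also discards a request sock (sk = NULL), whereas the qtaguid_mt() hunk maps it to a full sock with skb_to_full_sk(); if that difference is intended, the comment should say so.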
@@ -1689,7 +1689,7 @@ static bool qtaguid_mt(const struct sk_buff *skb, struct xt_action_param *par)
        /* default: Fall through and do UID releated work */
        }
 
-       sk = skb->sk;
+       sk = skb_to_full_sk(skb);
        /*
         * When in TCP_TIME_WAIT the sk is not a "struct sock" but
         * "struct inet_timewait_sock" which is missing fields.
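Review bot: In qtaguid_mt(), skb_to_full_sk(skb) resolves a request sock to its listener but returns a timewait sock unchanged, so the TIME_WAIT handling introduced by the comment that follows is still needed; the comment should be updated to state that only the request_sock case is covered by the helper. For packets that arrive with a request sock, the UID work below will now run against the listener socket, and that change in which socket is used deserves a sentence in the commit message.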