OpenE2K/linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
afb7718016
linux/net
History
Daniel Borkmann afb7718016 netfilter: x_tables: fix cgroup matching on non-full sks 
While originally only being intended for outgoing traffic, commit
a00e76349f ("netfilter: x_tables: allow to use cgroup match for
LOCAL_IN nf hooks") enabled xt_cgroups for the NF_INET_LOCAL_IN hook
as well, in order to allow for nfacct accounting.

Besides being currently limited to early demuxes only, commit
a00e76349f forgot to add a check if we deal with full sockets,
i.e. in this case not with time wait sockets. TCP time wait sockets
do not have the same memory layout as full sockets, a lower memory
footprint and consequently also don't have a sk_classid member;
probing for sk_classid member there could potentially lead to a
crash.

Fixes: a00e76349f ("netfilter: x_tables: allow to use cgroup match for LOCAL_IN nf hooks")
Cc: Alexey Perevalov <a.perevalov@samsung.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-04-01 11:26:42 +02:00
..
6lowpan
9p Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-03-20 18:51:09 -04:00
802
8021q vlan: Add features for stacked vlan device 2015-03-29 13:33:21 -07:00
appletalk
atm
ax25
batman-adv
bluetooth Bluetooth: Unify advertising data code paths 2015-03-26 03:30:29 +01:00
bridge Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2015-03-23 22:02:46 -04:00
caif Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-03-20 18:51:09 -04:00
can
ceph
core net: rename dev to orig_dev in deliver_ptype_list_skb 2015-03-31 16:37:43 -04:00
dcb
dccp inet: fix double request socket freeing 2015-03-23 21:40:48 -04:00
decnet
dns_resolver
dsa net: dsa: Add basic framework to support ndo_fdb functions 2015-03-29 13:23:54 -07:00
ethernet
hsr
ieee802154
ipv4 netlink: implement nla_get_in_addr and nla_get_in6_addr 2015-03-31 13:58:35 -04:00
ipv6 netlink: implement nla_get_in_addr and nla_get_in6_addr 2015-03-31 13:58:35 -04:00
ipx
irda
iucv
key xfrm: simplify xfrm_address_t use 2015-03-31 13:58:35 -04:00
l2tp netlink: implement nla_get_in_addr and nla_get_in6_addr 2015-03-31 13:58:35 -04:00
lapb
llc
mac80211 Lots of updates for net-next; along with the usual flurry 2015-03-31 16:39:04 -04:00
mac802154 mac802154: cleanup concurrent check 2015-03-27 19:18:50 +01:00
mpls
netfilter netfilter: x_tables: fix cgroup matching on non-full sks 2015-04-01 11:26:42 +02:00
netlabel netlink: implement nla_put_in_addr and nla_put_in6_addr 2015-03-31 13:58:35 -04:00
netlink rhashtable: provide len to obj_hashfn 2015-03-25 17:18:33 +01:00
netrom
nfc
openvswitch netlink: implement nla_get_in_addr and nla_get_in6_addr 2015-03-31 13:58:35 -04:00
packet af_packet: pass checksum validation status to the user 2015-03-23 22:01:28 -04:00
phonet
rds Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-03-20 18:51:09 -04:00
rfkill
rose
rxrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-03-20 18:51:09 -04:00
sched act_bpf: add initial eBPF support for actions 2015-03-20 19:10:44 -04:00
sctp sctp: avoid to repeatedly declare external variables 2015-03-25 11:40:16 -04:00
sunrpc
switchdev switchdev: fix stp update API to work with layered netdevices 2015-03-23 16:44:56 -04:00
tipc tipc: fix two bugs in secondary destination lookup 2015-03-29 13:47:36 -07:00
unix
vmw_vsock
wimax
wireless Lots of updates for net-next; along with the usual flurry 2015-03-31 16:39:04 -04:00
x25
xfrm xfrm: simplify xfrm_address_t use 2015-03-31 13:58:35 -04:00
compat.c net: socket: add support for async operations 2015-03-23 16:41:36 -04:00
Kconfig
Makefile
socket.c net: socket: add support for async operations 2015-03-23 16:41:36 -04:00
sysctl_net.c