Skip to content

Commit

Permalink
netfilter: xt_socket: check sk before checking for netns.
Browse files Browse the repository at this point in the history 
Only check for the network namespace if the socket is available.

Fixes: f564650 ("netfilter: check if the socket netns is correct.")
Reported-by: Guenter Roeck <[email protected]>
Tested-by: Guenter Roeck <[email protected]>
Signed-off-by: Flavio Leitner <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>
  • Loading branch information
@fleitner @ummakynes
fleitner authored and ummakynes committed Sep 28, 2018
1 parent 421c119 commit 40e4f26
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions net/netfilter/xt_socket.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ socket_match(const struct sk_buff *skb, struct xt_action_param *par,
struct sk_buff *pskb = (struct sk_buff *)skb;
struct sock *sk = skb->sk;

if (!net_eq(xt_net(par), sock_net(sk)))
if (sk && !net_eq(xt_net(par), sock_net(sk)))
sk = NULL;

if (!sk)
Expand Down Expand Up @@ -117,7 +117,7 @@ socket_mt6_v1_v2_v3(const struct sk_buff *skb, struct xt_action_param *par)
struct sk_buff *pskb = (struct sk_buff *)skb;
struct sock *sk = skb->sk;

if (!net_eq(xt_net(par), sock_net(sk)))
if (sk && !net_eq(xt_net(par), sock_net(sk)))
sk = NULL;

if (!sk)
Expand Down

0 comments on commit 40e4f26

Please sign in to comment.