Commit 058a52e0 authored Aug 26, 2023 by Vamsi Krishna Brahmajosyula Committed by Greg Kroah-Hartman Aug 30, 2023

netfilter: nf_queue: fix socket leak

Removal of the sock_hold got lost when backporting commit c3873070247d
("netfilter: nf_queue: fix possible use-after-free") to 4.19

Fixes: 34dc4a6a ("netfilter: nf_queue: fix possible use-after-free") in 4.19

Fixed in 4.14 with
https://lore.kernel.org/all/20221024112958.115275475@linuxfoundation.org/



Signed-off-by: Vimal Agrawal <vimal.agrawal@sophos.com>
Reviewed-by: Florian Westphal <fw@strlen.de>
[vbrahmajosyula: The fix to the backport was missed in 4.19]
Signed-off-by: Vamsi Krishna Brahmajosyula <vbrahmajosyula@vmware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 84d90fb7

net/netfilter/nf_queue.c

+0 −2

Original line number	Diff line number	Diff line
		@@ -93,8 +93,6 @@ bool nf_queue_entry_get_refs(struct nf_queue_entry *entry)
		dev_hold(state->in);
		if (state->out)
		dev_hold(state->out);
		if (state->sk)
		sock_hold(state->sk);
		#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
		if (entry->skb->nf_bridge) {
		struct net_device *physdev;