Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 40e4f26e authored by Flavio Leitner's avatar Flavio Leitner Committed by Pablo Neira Ayuso
Browse files

netfilter: xt_socket: check sk before checking for netns. 



Only check for the network namespace if the socket is available.

Fixes: f5646501 ("netfilter: check if the socket netns is correct.")
Reported-by: default avatarGuenter Roeck <linux@roeck-us.net>
Tested-by: default avatarGuenter Roeck <linux@roeck-us.net>
Signed-off-by: default avatarFlavio Leitner <fbl@redhat.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 421c119f

net/netfilter/xt_socket.c

+2 −2
Original line number Diff line number Diff line
@@ -56,7 +56,7 @@ socket_match(const struct sk_buff *skb, struct xt_action_param *par, 
	struct sk_buff *pskb = (struct sk_buff *)skb;

	struct sock *sk = skb->sk;



	if (!net_eq(xt_net(par), sock_net(sk)))

	if (sk && !net_eq(xt_net(par), sock_net(sk)))

		sk = NULL;



	if (!sk)
@@ -117,7 +117,7 @@ socket_mt6_v1_v2_v3(const struct sk_buff *skb, struct xt_action_param *par) 
	struct sk_buff *pskb = (struct sk_buff *)skb;

	struct sock *sk = skb->sk;



	if (!net_eq(xt_net(par), sock_net(sk)))

	if (sk && !net_eq(xt_net(par), sock_net(sk)))

		sk = NULL;



	if (!sk)