Commit 52d2c42b authored by John Stultz, committed by Gerrit - the friendly Code Review server

xt_qtaguid: Fix panic caused by synack processing

In upstream commit ca6fb065
(tcp: attach SYNACK messages to request sockets instead of
listener)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca6fb0651883



The building of synack messages was changed, which made it so
the skb->sk points to a casted request_sock. This is problematic,
as there is no sk_socket in a request_sock. So when the qtaguid_mt
function tries to access the sk->sk_socket, it accesses uninitialized
memory.

After looking at how other netfilter implementations handle this,
I realized there was a skb_to_full_sk() helper added, which the
xt_qtaguid code isn't yet using.

This patch adds its use, and resolves panics seen when accessing
uninitialized memory when processing synack packets.

Change-Id: Id0dbb7853aba221c1926e44616524fed90677602
CRs-Fixed: 1035969
Reported-by: YongQin Liu <yongquin.liu@linaro.org>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Git-commit: 4e461c77
Git-repo: https://android.googlesource.com/kernel/common/


Signed-off-by: Bryse Flowers <bflowers@codeaurora.org>
parent 843033e0
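
The type confusion the commit message describes, as an added userspace example (not the patch's code and not kernel source): a SYNACK skb's `sk` is really a `request_sock`, and `skb_to_full_sk()` resolves it to the listener before `sk_socket` is read. Struct layouts, `owner_uid()` and `synack_owner_uid()` are constructed for illustration; only the state check mirrors the upstream helper.

```c
#include <stddef.h>
/* Userspace model: names follow the kernel, struct layouts are constructed. */
enum { TCP_LISTEN = 10, TCP_NEW_SYN_RECV = 12 };

struct sock_common { int skc_state; };   /* prefix shared by both socket kinds */
struct socket { int uid; };              /* stand-in for the owning socket */

struct sock {                            /* full socket: has sk_socket */
    struct sock_common __sk_common;
    struct socket *sk_socket;
};

struct request_sock {                    /* mini socket: no sk_socket field */
    struct sock_common __req_common;
    struct sock *rsk_listener;
};

struct sk_buff { struct sock *sk; };     /* may really point at a request_sock */

/* Same decision the kernel helper makes: a TCP_NEW_SYN_RECV entry is a
 * request_sock, so hand back its listener instead of the cast pointer. */
static struct sock *skb_to_full_sk(const struct sk_buff *skb)
{
    struct sock *sk = skb->sk;
    if (sk && ((struct sock_common *)sk)->skc_state == TCP_NEW_SYN_RECV)
        sk = ((struct request_sock *)sk)->rsk_listener;
    return sk;
}

/* Hypothetical match helper: owner uid for the packet, or -1 if unknown. */
static int owner_uid(const struct sk_buff *skb)
{
    struct sock *sk = skb_to_full_sk(skb);
    if (sk == NULL || sk->sk_socket == NULL)
        return -1;
    return sk->sk_socket->uid;
}

/* Constructed SYNACK case: skb->sk is a request_sock cast to struct sock *. */
static int synack_owner_uid(void)
{
    struct socket so = { .uid = 1000 };
    struct sock listener = { { TCP_LISTEN }, &so };
    struct request_sock req = { { TCP_NEW_SYN_RECV }, &listener };
    struct sk_buff skb = { (struct sock *)&req };
    return owner_uid(&skb);
}

int main(void) { return synack_owner_uid() == 1000 ? 0 : 1; }
```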