kernel: net_sched: fix a NULL pointer deref in ipt action
author Cong Wang <xiyou.wangcong@gmail.com>
Sun, 25 Aug 2019 12:35:06 +0000 (05:35 -0700)
committer Hauke Mehrtens <hauke@hauke-m.de>
Sun, 8 Sep 2019 15:42:39 +0000 (17:42 +0200)
commit 16985d2aabe3813955bd9dae99cca254198fdd55
tree 33e2a455d0e7fe22bc26fb9e7ac0da0ab9925581
parent 15292501a1a9ca979b7b92d5187a7b095fe3af66
kernel: net_sched: fix a NULL pointer deref in ipt action

The net pointer in struct xt_tgdtor_param is not explicitly
initialized, therefore it is still NULL when dereferencing it.
So we have to find a way to pass the correct net pointer to
ipt_destroy_target().

The best way I find is just saving the net pointer inside the per
netns struct tcf_idrinfo, which could make this patch smaller.

Fixes: 0c66dc1ea3f0 ("netfilter: conntrack: register hooks in netns when needed by ruleset")
Reported-and-tested-by: Tony Ambardar <itugrok@xxxxxxxxx>
Cc: Jamal Hadi Salim <jhs@xxxxxxxxxxxx>
Cc: Jiri Pirko <jiri@xxxxxxxxxxx>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
[Backport for kernel v4.19 and v4.14]
Link: https://bugzilla.kernel.org/show_bug.cgi?id=204681]
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 7735cce0c5c306bd9eea20ca2805e4a492c02be9)
target/linux/generic/backport-4.14/380-v5.3-net-sched-Introduce-act_ctinfo-action.patch
target/linux/generic/backport-4.14/390-v5.3-net-sched-fix-action-ipt-crash.patch [new file with mode: 0644]