summaryrefslogtreecommitdiff
path: root/net/netfilter/xt_cgroup.c
diff options
context:
space:
mode:
authorFlavio Leitner <fbl@redhat.com>2018-06-27 10:34:25 -0300
committerDavid S. Miller <davem@davemloft.net>2018-06-28 22:21:32 +0900
commitf564650106a6e85702660fefd59fdff0877ab46a (patch)
tree5bc5ca2ef701a097f0447a7073c2ee0be9b79e01 /net/netfilter/xt_cgroup.c
parent003504a23a765620815622cb57b962b4aebdc5af (diff)
netfilter: check if the socket netns is correct.
Netfilter assumes that if the socket is present in the skb, then it can be used because that reference is cleaned up while the skb is crossing netns. We want to change that to preserve the socket reference in a future patch, so this is a preparation updating netfilter to check if the socket netns matches before use it. Signed-off-by: Flavio Leitner <fbl@redhat.com> Acked-by: Florian Westphal <fw@strlen.de> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netfilter/xt_cgroup.c')
-rw-r--r--net/netfilter/xt_cgroup.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/net/netfilter/xt_cgroup.c b/net/netfilter/xt_cgroup.c
index 7df2dece57d3..5d92e1781980 100644
--- a/net/netfilter/xt_cgroup.c
+++ b/net/netfilter/xt_cgroup.c
@@ -72,8 +72,9 @@ static bool
cgroup_mt_v0(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct xt_cgroup_info_v0 *info = par->matchinfo;
+ struct sock *sk = skb->sk;
- if (skb->sk == NULL || !sk_fullsock(skb->sk))
+ if (!sk || !sk_fullsock(sk) || !net_eq(xt_net(par), sock_net(sk)))
return false;
return (info->id == sock_cgroup_classid(&skb->sk->sk_cgrp_data)) ^
@@ -85,8 +86,9 @@ static bool cgroup_mt_v1(const struct sk_buff *skb, struct xt_action_param *par)
const struct xt_cgroup_info_v1 *info = par->matchinfo;
struct sock_cgroup_data *skcd = &skb->sk->sk_cgrp_data;
struct cgroup *ancestor = info->priv;
+ struct sock *sk = skb->sk;
- if (!skb->sk || !sk_fullsock(skb->sk))
+ if (!sk || !sk_fullsock(sk) || !net_eq(xt_net(par), sock_net(sk)))
return false;
if (ancestor)
generated by cgit (git 2.34.1) at 2024-05-30 18:02:46 +0000