ipvs: use skb_to_full_sk() helper

SYNACK packets might be attached to request sockets. Use skb_to_full_sk() helper to avoid illegal accesses to inet_sk(skb->sk) Fixes: ca6fb0651883 ("tcp: attach SYNACK messages to request sockets instead of listener") Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: Sander Eikelenboom <linux@eikelenboom.it> Acked-by: Julian Anastasov <ja@ssi.bg> Acked-by: Simon Horman <horms@verge.net.au> Signed-off-by: David S. Miller <davem@davemloft.net>

ipvs: use skb_to_full_sk() helper
SYNACK packets might be attached to request sockets. Use skb_to_full_sk() helper to avoid illegal accesses to inet_sk(skb->sk) Fixes: ca6fb0651883 ("tcp: attach SYNACK messages to request sockets instead of listener") Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: Sander Eikelenboom <linux@eikelenboom.it> Acked-by: Julian Anastasov <ja@ssi.bg> Acked-by: Simon Horman <horms@verge.net.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet · David S. Miller
1 parent 00fd38d938
Showing 1 changed file with 8 additions and 8 deletions Side-by-side Diff
net/netfilter/ipvs/ip_vs_core.c
@@ -1176,6 +1176,7 @@
 	struct ip_vs_protocol *pp;
 	struct ip_vs_proto_data *pd;
 	struct ip_vs_conn *cp;
+	struct sock *sk;
  
 	EnterFunction(11);
  
  
  
  
@@ -1183,13 +1184,12 @@
 	if (skb->ipvs_property)
 		return NF_ACCEPT;
  
+	sk = skb_to_full_sk(skb);
 	/* Bad... Do not break raw sockets */
-	if (unlikely(skb->sk != NULL && hooknum == NF_INET_LOCAL_OUT &&
+	if (unlikely(sk && hooknum == NF_INET_LOCAL_OUT &&
 		     af == AF_INET)) {
-		struct sock *sk = skb->sk;
-		struct inet_sock *inet = inet_sk(skb->sk);
  
-		if (inet && sk->sk_family == PF_INET && inet->nodefrag)
+		if (sk->sk_family == PF_INET && inet_sk(sk)->nodefrag)
 			return NF_ACCEPT;
 	}
  
@@ -1681,6 +1681,7 @@
 	struct ip_vs_conn *cp;
 	int ret, pkts;
 	int conn_reuse_mode;
+	struct sock *sk;
  
 	/* Already marked as IPVS request or reply? */
 	if (skb->ipvs_property)
  
  
@@ -1708,12 +1709,11 @@
 	ip_vs_fill_iph_skb(af, skb, false, &iph);
  
 	/* Bad... Do not break raw sockets */
-	if (unlikely(skb->sk != NULL && hooknum == NF_INET_LOCAL_OUT &&
+	sk = skb_to_full_sk(skb);
+	if (unlikely(sk && hooknum == NF_INET_LOCAL_OUT &&
 		     af == AF_INET)) {
-		struct sock *sk = skb->sk;
-		struct inet_sock *inet = inet_sk(skb->sk);
  
-		if (inet && sk->sk_family == PF_INET && inet->nodefrag)
+		if (sk->sk_family == PF_INET && inet_sk(sk)->nodefrag)
 			return NF_ACCEPT;
 	}
...	...	@@ -1176,6 +1176,7 @@
1176	1176	struct ip_vs_protocol *pp;
1177	1177	struct ip_vs_proto_data *pd;
1178	1178	struct ip_vs_conn *cp;
	1179	+ struct sock *sk;
1179	1180
1180	1181	EnterFunction(11);
1181	1182
1182	1183
1183	1184
1184	1185
...	...	@@ -1183,13 +1184,12 @@
1183	1184	if (skb->ipvs_property)
1184	1185	return NF_ACCEPT;
1185	1186
	1187	+ sk = skb_to_full_sk(skb);
1186	1188	/* Bad... Do not break raw sockets */
1187		- if (unlikely(skb->sk != NULL && hooknum == NF_INET_LOCAL_OUT &&
	1189	+ if (unlikely(sk && hooknum == NF_INET_LOCAL_OUT &&
1188	1190	af == AF_INET)) {
1189		- struct sock *sk = skb->sk;
1190		- struct inet_sock *inet = inet_sk(skb->sk);
1191	1191
1192		- if (inet && sk->sk_family == PF_INET && inet->nodefrag)
	1192	+ if (sk->sk_family == PF_INET && inet_sk(sk)->nodefrag)
1193	1193	return NF_ACCEPT;
1194	1194	}
1195	1195
...	...	@@ -1681,6 +1681,7 @@
1681	1681	struct ip_vs_conn *cp;
1682	1682	int ret, pkts;
1683	1683	int conn_reuse_mode;
	1684	+ struct sock *sk;
1684	1685
1685	1686	/* Already marked as IPVS request or reply? */
1686	1687	if (skb->ipvs_property)
1687	1688
1688	1689
...	...	@@ -1708,12 +1709,11 @@
1708	1709	ip_vs_fill_iph_skb(af, skb, false, &iph);
1709	1710
1710	1711	/* Bad... Do not break raw sockets */
1711		- if (unlikely(skb->sk != NULL && hooknum == NF_INET_LOCAL_OUT &&
	1712	+ sk = skb_to_full_sk(skb);
	1713	+ if (unlikely(sk && hooknum == NF_INET_LOCAL_OUT &&
1712	1714	af == AF_INET)) {
1713		- struct sock *sk = skb->sk;
1714		- struct inet_sock *inet = inet_sk(skb->sk);
1715	1715
1716		- if (inet && sk->sk_family == PF_INET && inet->nodefrag)
	1716	+ if (sk->sk_family == PF_INET && inet_sk(sk)->nodefrag)
1717	1717	return NF_ACCEPT;
1718	1718	}
1719	1719