netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Phil Sutter <phil@nwl.cc>
To: pablo@netfilter.org
Cc: netdev@vger.kernel.org, Patrick McHardy <kaber@trash.net>,
	netfilter-devel@vger.kernel.org
Subject: [PATCH 1/2] netfilter: ip6t_SYNPROXY: fix NULL pointer dereference
Date: Thu,  6 Aug 2015 14:34:56 +0200	[thread overview]
Message-ID: <1438864497-3767-1-git-send-email-phil@nwl.cc> (raw)
In-Reply-To: <20150804175302.GA19650@salvia>

This happens when networking namespaces are enabled.

Suggested-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 net/ipv6/netfilter/ip6t_SYNPROXY.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/net/ipv6/netfilter/ip6t_SYNPROXY.c b/net/ipv6/netfilter/ip6t_SYNPROXY.c
index 6edb7b1..f5af323 100644
--- a/net/ipv6/netfilter/ip6t_SYNPROXY.c
+++ b/net/ipv6/netfilter/ip6t_SYNPROXY.c
@@ -40,9 +40,9 @@ static void
 synproxy_send_tcp(const struct sk_buff *skb, struct sk_buff *nskb,
 		  struct nf_conntrack *nfct, enum ip_conntrack_info ctinfo,
 		  struct ipv6hdr *niph, struct tcphdr *nth,
-		  unsigned int tcp_hdr_size)
+		  unsigned int tcp_hdr_size, struct synproxy_net *snet)
 {
-	struct net *net = nf_ct_net((struct nf_conn *)nfct);
+	struct net *net = nf_ct_net(snet->tmpl);
 	struct dst_entry *dst;
 	struct flowi6 fl6;
 
@@ -84,7 +84,8 @@ free_nskb:
 
 static void
 synproxy_send_client_synack(const struct sk_buff *skb, const struct tcphdr *th,
-			    const struct synproxy_options *opts)
+			    const struct synproxy_options *opts,
+			    struct synproxy_net *snet)
 {
 	struct sk_buff *nskb;
 	struct ipv6hdr *iph, *niph;
@@ -120,7 +121,7 @@ synproxy_send_client_synack(const struct sk_buff *skb, const struct tcphdr *th,
 	synproxy_build_options(nth, opts);
 
 	synproxy_send_tcp(skb, nskb, skb->nfct, IP_CT_ESTABLISHED_REPLY,
-			  niph, nth, tcp_hdr_size);
+			  niph, nth, tcp_hdr_size, snet);
 }
 
 static void
@@ -164,7 +165,7 @@ synproxy_send_server_syn(const struct synproxy_net *snet,
 	synproxy_build_options(nth, opts);
 
 	synproxy_send_tcp(skb, nskb, &snet->tmpl->ct_general, IP_CT_NEW,
-			  niph, nth, tcp_hdr_size);
+			  niph, nth, tcp_hdr_size, snet);
 }
 
 static void
@@ -203,7 +204,7 @@ synproxy_send_server_ack(const struct synproxy_net *snet,
 
 	synproxy_build_options(nth, opts);
 
-	synproxy_send_tcp(skb, nskb, NULL, 0, niph, nth, tcp_hdr_size);
+	synproxy_send_tcp(skb, nskb, NULL, 0, niph, nth, tcp_hdr_size, snet);
 }
 
 static void
@@ -241,7 +242,7 @@ synproxy_send_client_ack(const struct synproxy_net *snet,
 
 	synproxy_build_options(nth, opts);
 
-	synproxy_send_tcp(skb, nskb, NULL, 0, niph, nth, tcp_hdr_size);
+	synproxy_send_tcp(skb, nskb, NULL, 0, niph, nth, tcp_hdr_size, snet);
 }
 
 static bool
@@ -301,7 +302,7 @@ synproxy_tg6(struct sk_buff *skb, const struct xt_action_param *par)
 					  XT_SYNPROXY_OPT_SACK_PERM |
 					  XT_SYNPROXY_OPT_ECN);
 
-		synproxy_send_client_synack(skb, th, &opts);
+		synproxy_send_client_synack(skb, th, &opts, snet);
 		return NF_DROP;
 
 	} else if (th->ack && !(th->fin || th->rst || th->syn)) {
-- 
2.1.2


  reply	other threads:[~2015-08-06 12:34 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <1438037606-5462-1-git-send-email-phil@nwl.cc>
2015-08-04 17:53 ` [PATCH] netfilter: ipt_SYNPROXY: fix sending window update to client Pablo Neira Ayuso
2015-08-06 12:34   ` Phil Sutter [this message]
2015-08-06 12:34     ` [PATCH 2/2] netfilter: ip6t_SYNPROXY: " Phil Sutter
2015-08-08 15:57     ` [PATCH 1/2] netfilter: ip6t_SYNPROXY: fix NULL pointer dereference Patrick McHardy
2015-08-09 11:14       ` [PATCH v2 " Phil Sutter
2015-08-09 11:14         ` [PATCH v2 2/2] netfilter: ip6t_SYNPROXY: fix sending window update to client Phil Sutter
2015-08-10  8:06           ` Patrick McHardy
2015-08-10 11:58             ` Pablo Neira Ayuso
2015-08-10  7:57         ` [PATCH v2 1/2] netfilter: ip6t_SYNPROXY: fix NULL pointer dereference Patrick McHardy
2015-08-10 11:58           ` Pablo Neira Ayuso

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1438864497-3767-1-git-send-email-phil@nwl.cc \
    --to=phil@nwl.cc \
    --cc=kaber@trash.net \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=pablo@netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).