linux/net
Daniel Borkmann afb7718016 netfilter: x_tables: fix cgroup matching on non-full sks
While originally only being intended for outgoing traffic, commit
a00e76349f ("netfilter: x_tables: allow to use cgroup match for
LOCAL_IN nf hooks") enabled xt_cgroups for the NF_INET_LOCAL_IN hook
as well, in order to allow for nfacct accounting.

Besides being currently limited to early demuxes only, commit
a00e76349f forgot to add a check if we deal with full sockets,
i.e. in this case not with time wait sockets. TCP time wait sockets
do not have the same memory layout as full sockets, a lower memory
footprint and consequently also don't have a sk_classid member;
probing for sk_classid member there could potentially lead to a
crash.

Fixes: a00e76349f ("netfilter: x_tables: allow to use cgroup match for LOCAL_IN nf hooks")
Cc: Alexey Perevalov <a.perevalov@samsung.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-04-01 11:26:42 +02:00
..
6lowpan 6lowpan: nhc: add other known rfc6282 compressions 2015-02-14 23:08:44 +01:00
9p Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-03-20 18:51:09 -04:00
802 net: Kill dev_rebuild_header 2015-03-02 16:43:41 -05:00
8021q vlan: Add features for stacked vlan device 2015-03-29 13:33:21 -07:00
appletalk appletalk: Use eth_<foo>_addr instead of memset 2015-03-03 17:01:37 -05:00
atm atm: Use eth_<foo>_addr instead of memset 2015-03-03 17:01:37 -05:00
ax25 ax25: Fix the build when CONFIG_INET is disabled 2015-03-05 13:17:39 -05:00
batman-adv batman-adv: Fix use of seq_has_overflowed() 2015-02-22 17:00:08 -05:00
bluetooth Bluetooth: Unify advertising data code paths 2015-03-26 03:30:29 +01:00
bridge Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2015-03-23 22:02:46 -04:00
caif Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-03-20 18:51:09 -04:00
can Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-03-09 23:38:02 -04:00
ceph Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2015-02-19 14:14:42 -08:00
core net: rename dev to orig_dev in deliver_ptype_list_skb 2015-03-31 16:37:43 -04:00
dcb net/dcb: Add IEEE QCN attribute 2015-03-06 21:50:02 -05:00
dccp inet: fix double request socket freeing 2015-03-23 21:40:48 -04:00
decnet net: Remove protocol from struct dst_ops 2015-03-09 16:06:10 -04:00
dns_resolver Merge commit 'v3.16' into next 2014-10-01 00:44:04 +10:00
dsa net: dsa: Add basic framework to support ndo_fdb functions 2015-03-29 13:23:54 -07:00
ethernet ethernet: Use eth_<foo>_addr instead of memset 2015-03-03 17:01:38 -05:00
hsr net/hsr: Fix NULL pointer dereference and refcnt bugs when deleting a HSR interface. 2015-03-01 13:40:23 -05:00
ieee802154 ieee802154: don't export static symbol 2015-03-14 17:11:31 +01:00
ipv4 netlink: implement nla_get_in_addr and nla_get_in6_addr 2015-03-31 13:58:35 -04:00
ipv6 netlink: implement nla_get_in_addr and nla_get_in6_addr 2015-03-31 13:58:35 -04:00
ipx net: Remove iocb argument from sendmsg and recvmsg 2015-03-02 13:06:31 -05:00
irda Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-03-09 23:38:02 -04:00
iucv net: Remove iocb argument from sendmsg and recvmsg 2015-03-02 13:06:31 -05:00
key xfrm: simplify xfrm_address_t use 2015-03-31 13:58:35 -04:00
l2tp netlink: implement nla_get_in_addr and nla_get_in6_addr 2015-03-31 13:58:35 -04:00
lapb lapb: move EXPORT_SYMBOL after functions. 2014-10-24 15:51:42 -04:00
llc net: Remove iocb argument from sendmsg and recvmsg 2015-03-02 13:06:31 -05:00
mac80211 Lots of updates for net-next; along with the usual flurry 2015-03-31 16:39:04 -04:00
mac802154 mac802154: cleanup concurrent check 2015-03-27 19:18:50 +01:00
mpls mpls: In mpls_egress verify the packet length. 2015-03-12 23:05:04 -04:00
netfilter netfilter: x_tables: fix cgroup matching on non-full sks 2015-04-01 11:26:42 +02:00
netlabel netlink: implement nla_put_in_addr and nla_put_in6_addr 2015-03-31 13:58:35 -04:00
netlink rhashtable: provide len to obj_hashfn 2015-03-25 17:18:33 +01:00
netrom net: Kill dev_rebuild_header 2015-03-02 16:43:41 -05:00
nfc net: Remove iocb argument from sendmsg and recvmsg 2015-03-02 13:06:31 -05:00
openvswitch netlink: implement nla_get_in_addr and nla_get_in6_addr 2015-03-31 13:58:35 -04:00
packet af_packet: pass checksum validation status to the user 2015-03-23 22:01:28 -04:00
phonet net: Remove iocb argument from sendmsg and recvmsg 2015-03-02 13:06:31 -05:00
rds Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-03-20 18:51:09 -04:00
rfkill Last round of updates for net-next: 2015-02-04 14:57:45 -08:00
rose net: Kill dev_rebuild_header 2015-03-02 16:43:41 -05:00
rxrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-03-20 18:51:09 -04:00
sched act_bpf: add initial eBPF support for actions 2015-03-20 19:10:44 -04:00
sctp sctp: avoid to repeatedly declare external variables 2015-03-25 11:40:16 -04:00
sunrpc sunrpc: fix braino in ->poll() 2015-03-08 12:53:46 -07:00
switchdev switchdev: fix stp update API to work with layered netdevices 2015-03-23 16:44:56 -04:00
tipc tipc: fix two bugs in secondary destination lookup 2015-03-29 13:47:36 -07:00
unix net: Remove iocb argument from sendmsg and recvmsg 2015-03-02 13:06:31 -05:00
vmw_vsock net: Remove iocb argument from sendmsg and recvmsg 2015-03-02 13:06:31 -05:00
wimax wimax: convert printk to pr_foo() 2014-10-07 20:28:44 -04:00
wireless Lots of updates for net-next; along with the usual flurry 2015-03-31 16:39:04 -04:00
x25 net: Remove iocb argument from sendmsg and recvmsg 2015-03-02 13:06:31 -05:00
xfrm xfrm: simplify xfrm_address_t use 2015-03-31 13:58:35 -04:00
compat.c net: socket: add support for async operations 2015-03-23 16:41:36 -04:00
Kconfig kconfig: use bool instead of boolean for type definition attributes 2015-01-07 13:08:04 +01:00
Makefile mpls: Refactor how the mpls module is built 2015-03-04 00:26:06 -05:00
socket.c net: socket: add support for async operations 2015-03-23 16:41:36 -04:00
sysctl_net.c