netfilter: xt_socket: check sk before checking for netns.

Only check for the network namespace if the socket is available. Fixes: f5646501 ("netfilter: check if the socket netns is correct.") Reported-by: Guenter Roeck <linux@roeck-us.net> Tested-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Flavio Leitner <fbl@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

netfilter: xt_socket: check sk before checking for netns.
Only check for the network namespace if the socket is available. Fixes: f5646501 ("netfilter: check if the socket netns is correct.") Reported-by: Guenter Roeck <linux@roeck-us.net> Tested-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Flavio Leitner <fbl@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
40e4f26e · Flavio Leitner · Pablo Neira Ayuso · 421c119f · 40e4f26e
Commit 40e4f26e authored Sep 27, 2018 by Flavio Leitner Committed by Pablo Neira Ayuso Sep 28, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

net/netfilter/xt_socket.c net/netfilter/xt_socket.c +2 -2

No files found.
--- a/net/netfilter/xt_socket.c
+++ b/net/netfilter/xt_socket.c
@@ -56,7 +56,7 @@ socket_match(const struct sk_buff *skb, struct xt_action_param *par,
 	struct sk_buff *pskb = (struct sk_buff *)skb;
 	struct sock *sk = skb->sk;

-	if (!net_eq(xt_net(par), sock_net(sk)))
+	if (sk && !net_eq(xt_net(par), sock_net(sk)))
 		sk = NULL;

 	if (!sk)
@@ -117,7 +117,7 @@ socket_mt6_v1_v2_v3(const struct sk_buff *skb, struct xt_action_param *par)
 	struct sk_buff *pskb = (struct sk_buff *)skb;
 	struct sock *sk = skb->sk;

-	if (!net_eq(xt_net(par), sock_net(sk)))
+	if (sk && !net_eq(xt_net(par), sock_net(sk)))
 		sk = NULL;

 	if (!sk)