diff options
author | Xin Long <lucien.xin@gmail.com> | 2017-08-18 11:01:36 +0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2017-08-18 16:25:49 -0700 |
commit | 4f8a881acc9d1adaf1e552349a0b1df28933a04c (patch) | |
tree | 7592786a35a3e33c69e79c462fb9ad85b3004acc /Documentation/sysctl | |
parent | 9a19bad70cf16b0cdf3576efda7deb490e7aa529 (diff) | |
download | linux-exynos-4f8a881acc9d1adaf1e552349a0b1df28933a04c.tar.gz linux-exynos-4f8a881acc9d1adaf1e552349a0b1df28933a04c.tar.bz2 linux-exynos-4f8a881acc9d1adaf1e552349a0b1df28933a04c.zip |
net: sched: fix NULL pointer dereference when action calls some targets
As we know in some target's checkentry it may dereference par.entryinfo
to check entry stuff inside. But when sched action calls xt_check_target,
par.entryinfo is set with NULL. It would cause kernel panic when calling
some targets.
It can be reproduce with:
# tc qd add dev eth1 ingress handle ffff:
# tc filter add dev eth1 parent ffff: u32 match u32 0 0 action xt \
-j ECN --ecn-tcp-remove
It could also crash kernel when using target CLUSTERIP or TPROXY.
By now there's no proper value for par.entryinfo in ipt_init_target,
but it can not be set with NULL. This patch is to void all these
panics by setting it with an ipt_entry obj with all members = 0.
Note that this issue has been there since the very beginning.
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'Documentation/sysctl')
0 files changed, 0 insertions, 0 deletions