diff options
author | Calvin Owens <calvinowens@fb.com> | 2014-11-04 16:37:40 -0800 |
---|---|---|
committer | Simon Horman <horms@verge.net.au> | 2014-11-12 11:03:04 +0900 |
commit | 50656d9df63d69ce399c8be62d4473b039dac36a (patch) | |
tree | 61c9758c73655b8ee3f23a7b40c0594493d31d2c /net | |
parent | 2196937e12b1b4ba139806d132647e1651d655df (diff) | |
download | lwn-50656d9df63d69ce399c8be62d4473b039dac36a.tar.gz lwn-50656d9df63d69ce399c8be62d4473b039dac36a.zip |
ipvs: Keep skb->sk when allocating headroom on tunnel xmit
ip_vs_prepare_tunneled_skb() ignores ->sk when allocating a new
skb, either unconditionally setting ->sk to NULL or allowing
the uninitialized ->sk from a newly allocated skb to leak through
to the caller.
This patch properly copies ->sk and increments its reference count.
Signed-off-by: Calvin Owens <calvinowens@fb.com>
Acked-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/ipvs/ip_vs_xmit.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c index 437a3663ad03..bd90bf8107da 100644 --- a/net/netfilter/ipvs/ip_vs_xmit.c +++ b/net/netfilter/ipvs/ip_vs_xmit.c @@ -846,6 +846,8 @@ ip_vs_prepare_tunneled_skb(struct sk_buff *skb, int skb_af, new_skb = skb_realloc_headroom(skb, max_headroom); if (!new_skb) goto error; + if (skb->sk) + skb_set_owner_w(new_skb, skb->sk); consume_skb(skb); skb = new_skb; } |