path: root/net/netfilter
diff options
authorCalvin Owens <calvinowens@fb.com>2014-11-04 16:37:40 -0800
committerSimon Horman <horms@verge.net.au>2014-11-12 11:03:04 +0900
commit50656d9df63d69ce399c8be62d4473b039dac36a (patch)
tree61c9758c73655b8ee3f23a7b40c0594493d31d2c /net/netfilter
parent2196937e12b1b4ba139806d132647e1651d655df (diff)
ipvs: Keep skb->sk when allocating headroom on tunnel xmit
ip_vs_prepare_tunneled_skb() ignores ->sk when allocating a new skb, either unconditionally setting ->sk to NULL or allowing the uninitialized ->sk from a newly allocated skb to leak through to the caller. This patch properly copies ->sk and increments its reference count. Signed-off-by: Calvin Owens <calvinowens@fb.com> Acked-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Simon Horman <horms@verge.net.au>
Diffstat (limited to 'net/netfilter')
1 files changed, 2 insertions, 0 deletions
diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c
index 437a3663ad03..bd90bf8107da 100644
--- a/net/netfilter/ipvs/ip_vs_xmit.c
+++ b/net/netfilter/ipvs/ip_vs_xmit.c
@@ -846,6 +846,8 @@ ip_vs_prepare_tunneled_skb(struct sk_buff *skb, int skb_af,
new_skb = skb_realloc_headroom(skb, max_headroom);
if (!new_skb)
goto error;
+ if (skb->sk)
+ skb_set_owner_w(new_skb, skb->sk);
skb = new_skb;

Privacy Policy