authorHannes Frederic Sowa <hannes@stressinduktion.org>2015-04-08 17:01:22 +0200
committerBen Hutchings <ben@decadent.org.uk>2019-08-13 12:39:31 +0100
commitdde9f922112630b4509176ce6df872787e0573fb (patch)
treec4eb0348057306a0674a92284c1e3e62d5e36ba3
parent1c1e2a916e2715188dc0ad492dbe42e6379c1a66 (diff)
ipv4: ip_tunnel: use net namespace from rtable not socket
commit 926a882f6916fd76b6f8ee858d45a2241c5e7999 upstream. The socket parameter might legally be NULL, thus sock_net is sometimes causing a NULL pointer dereference. Using net_device pointer in dst_entry is more reliable. Fixes: b6a7719aedd7e5c ("ipv4: hash net ptr into fragmentation bucket selection") Reported-by: Rick Jones <rick.jones2@hp.com> Cc: Rick Jones <rick.jones2@hp.com> Cc: David S. Miller <davem@davemloft.net> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
-rw-r--r--net/ipv4/ip_tunnel_core.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c
index 8c4dcc46acd2..ce63ab21b6cd 100644
--- a/net/ipv4/ip_tunnel_core.c
+++ b/net/ipv4/ip_tunnel_core.c
@@ -74,7 +74,8 @@ int iptunnel_xmit(struct sock *sk, struct rtable *rt, struct sk_buff *skb,
iph->daddr = dst;
iph->saddr = src;
iph->ttl = ttl;
- __ip_select_ident(sock_net(sk), iph, skb_shinfo(skb)->gso_segs ?: 1);
+ __ip_select_ident(dev_net(rt->dst.dev), iph,
+ skb_shinfo(skb)->gso_segs ?: 1);
err = ip_local_out_sk(sk, skb);
if (unlikely(net_xmit_eval(err)))
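Review bot: Nothing in the code records why the namespace is taken from `rt->dst.dev` rather than from the socket, so the NULL-`sk` case described in the commit message exists only in the changelog. A short comment above the new `__ip_select_ident(...)` call, e.g. `/* sk may be NULL here; derive the netns from the route's device */`, would help keep a later cleanup from reintroducing `sock_net(sk)` and the NULL dereference with it. `sk` is still passed to `ip_local_out_sk(sk, skb)` on the following line; whether that callee tolerates NULL is not visible in this hunk and is worth confirming for this stable branch. The body of iptunnel_xmit starts and ends outside the hunk.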