Unverified Commit 306d0585 authored Jul 31, 2024 by openeuler-ci-bot Committed by Gitee Jul 31, 2024

!10441 net/sched: Fix UAF when resolving a clash

Merge Pull Request from: @ci-robot 
 
PR sync from: Zhengchao Shao <shaozhengchao@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/Q2PF6Z5DISE4WRGYFVXAYHDJKONZ5IXY/ 
 
https://gitee.com/src-openeuler/kernel/issues/IAGEM2 
 
Link:https://gitee.com/openeuler/kernel/pulls/10441

 

Reviewed-by: Yue Haibing <yuehaibing@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

parents 29373c47 1a2d17c8

net/sched/act_ct.c

+8 −0

Original line number	Diff line number	Diff line
		@@ -1032,6 +1032,14 @@ static int tcf_ct_act(struct sk_buff skb, const struct tc_action a,
		*/
		if (nf_conntrack_confirm(skb) != NF_ACCEPT)
		goto drop;

		/* The ct may be dropped if a clash has been resolved,
		* so it's necessary to retrieve it from skb again to
		* prevent UAF.
		*/
		ct = nf_ct_get(skb, &ctinfo);
		if (!ct)
		skip_add = true;
		}

		if (!skip_add)