Unverified Commit 8bcf09f8 authored Jul 31, 2024 by openeuler-ci-bot Committed by Gitee Jul 31, 2024

!10440 net/sched: Fix UAF when resolving a clash

Merge Pull Request from: @ci-robot 
 
PR sync from: Zhengchao Shao <shaozhengchao@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/JMB4ZEQ2AEP5GXZ3J2NR26KE6F3BWLCQ/ 
 
https://gitee.com/src-openeuler/kernel/issues/IAGEM2 
 
Link:https://gitee.com/openeuler/kernel/pulls/10440

 

Reviewed-by: Yue Haibing <yuehaibing@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

parents 5b28bbbd 10a53bc7

net/sched/act_ct.c

+8 −0

Original line number	Diff line number	Diff line
		@@ -1027,6 +1027,14 @@ static int tcf_ct_act(struct sk_buff skb, const struct tc_action a,
		*/
		if (nf_conntrack_confirm(skb) != NF_ACCEPT)
		goto drop;

		/* The ct may be dropped if a clash has been resolved,
		* so it's necessary to retrieve it from skb again to
		* prevent UAF.
		*/
		ct = nf_ct_get(skb, &ctinfo);
		if (!ct)
		skip_add = true;
		}

		if (!skip_add)