netns: Don't leak others' openreq-s in proc

Message ID	4CEA6F74.6010107@parallels.com
State	Accepted, archived
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> Message-ID: <4CEA6F74.6010107@parallels.com> Date: Mon, 22 Nov 2010 16:26:12 +0300 From: Pavel Emelyanov <xemul@parallels.com> User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.11) Gecko/20100720 Fedora/3.0.6-1.fc12 Thunderbird/3.0.6 MIME-Version: 1.0 To: David Miller <davem@davemloft.net>, Linux Netdev List <netdev@vger.kernel.org> Subject: [PATCH] netns: Don't leak others' openreq-s in proc Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: netdev-owner@vger.kernel.org Precedence: bulk

Message ID

4CEA6F74.6010107@parallels.com

State

Accepted, archived

Delegated to:

David Miller

Headers

Message-ID: <4CEA6F74.6010107@parallels.com>
Date: Mon, 22 Nov 2010 16:26:12 +0300
From: Pavel Emelyanov <xemul@parallels.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US;
	rv:1.9.1.11) Gecko/20100720 Fedora/3.0.6-1.fc12 Thunderbird/3.0.6
MIME-Version: 1.0
To: David Miller <davem@davemloft.net>,
	Linux Netdev List <netdev@vger.kernel.org>
Subject: [PATCH] netns: Don't leak others' openreq-s in proc
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Commit Message

Pavel Emelyanov Nov. 22, 2010, 1:26 p.m. UTC

The /proc/net/tcp leaks openreq sockets from other namespaces.

Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

---

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

David Miller Nov. 28, 2010, 6:58 a.m. UTC | #1

From: Pavel Emelyanov <xemul@parallels.com>
Date: Mon, 22 Nov 2010 16:26:12 +0300

> The /proc/net/tcp leaks openreq sockets from other namespaces.
> 
> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

Applied to net-2.6, thanks!
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 69ccbc1..e13da6d 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -2043,7 +2043,9 @@  get_req:
 	}
 get_sk:
 	sk_nulls_for_each_from(sk, node) {
-		if (sk->sk_family == st->family && net_eq(sock_net(sk), net)) {
+		if (!net_eq(sock_net(sk), net))
+			continue;
+		if (sk->sk_family == st->family) {
 			cur = sk;
 			goto out;
 		}

netns: Don't leak others' openreq-s in proc

Commit Message

Comments

Patch