From mboxrd@z Thu Jan 1 00:00:00 1970 From: Masatake YAMATO Subject: [PATCH] ss: prepare rth when killing inet sock Date: Wed, 14 Feb 2018 22:50:04 +0900 Message-ID: <20180214135004.30586-1-yamato@redhat.com> Cc: yamato@redhat.com To: netdev@vger.kernel.org Return-path: Received: from mx3-rdu2.redhat.com ([66.187.233.73]:49136 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1030221AbeBNNuN (ORCPT ); Wed, 14 Feb 2018 08:50:13 -0500 Sender: netdev-owner@vger.kernel.org List-ID: kill_inet_sock() expects rhn_handle instance is passed via inet_diag_arg argument. However on the following calling path: generic_show_sock => show_one_inet_sock => kill_inet_sock rth field of inet_diag_arg is not filled with the address of rhn_handle instance. As the result ss crashes. This commit fills the field with newly created rhn_handle instance. Signed-off-by: Masatake YAMATO --- misc/ss.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/misc/ss.c b/misc/ss.c index 29a25070..a59fa2c1 100644 --- a/misc/ss.c +++ b/misc/ss.c @@ -4258,11 +4258,18 @@ static int generic_show_sock(const struct sockaddr_nl *addr, { struct sock_diag_msg *r = NLMSG_DATA(nlh); struct inet_diag_arg inet_arg = { .f = arg, .protocol = IPPROTO_MAX }; + struct rtnl_handle rth_inet; + int result_inet; switch (r->sdiag_family) { case AF_INET: case AF_INET6: - return show_one_inet_sock(addr, nlh, &inet_arg); + if (rtnl_open_byproto(&rth_inet, 0, NETLINK_SOCK_DIAG)) + return -1; + inet_arg.rth = &rth_inet; + result_inet = show_one_inet_sock(addr, nlh, &inet_arg); + rtnl_close(&rth_inet); + return result_inet; case AF_UNIX: return unix_show_sock(addr, nlh, arg); case AF_PACKET: -- 2.14.3