netfilter: xt_TEE: fix NULL dereference

iptables -I INPUT ... -j TEE --gateway 10.1.2.3 <crash> because --oif was not specified tee_tg_check() sets ->priv pointer to NULL in this case. Fixes: bbde9fc ("netfilter: factor out packet duplication for IPv4/IPv6") Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
mariux64 · Oct 22, 2015 · 45efccd · 45efccd
1 parent 104eb27
commit 45efccd
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/net/netfilter/xt_TEE.c b/net/netfilter/xt_TEE.c
@@ -31,8 +31,9 @@ static unsigned int
 tee_tg4(struct sk_buff *skb, const struct xt_action_param *par)
 {
 	const struct xt_tee_tginfo *info = par->targinfo;
+	int oif = info->priv ? info->priv->oif : 0;
 
-	nf_dup_ipv4(skb, par->hooknum, &info->gw.in, info->priv->oif);
+	nf_dup_ipv4(skb, par->hooknum, &info->gw.in, oif);
 
 	return XT_CONTINUE;
 }
@@ -42,8 +43,9 @@ static unsigned int
 tee_tg6(struct sk_buff *skb, const struct xt_action_param *par)
 {
 	const struct xt_tee_tginfo *info = par->targinfo;
+	int oif = info->priv ? info->priv->oif : 0;
 
-	nf_dup_ipv6(skb, par->hooknum, &info->gw.in6, info->priv->oif);
+	nf_dup_ipv6(skb, par->hooknum, &info->gw.in6, oif);
 
 	return XT_CONTINUE;
 }