tproxy: fixe a possible read from an invalid location in the socket match

[linux-2.6-omap-h63xx.git] / net / netfilter / xt_socket.c

diff --git a/net/netfilter/xt_socket.c b/net/netfilter/xt_socket.c
index 02a8fed210820879d5b6026041626c7816cc5612..1acc089be7e94b6e8570d9529895402d3e5a75df 100644 (file)
--- a/net/netfilter/xt_socket.c
+++ b/net/netfilter/xt_socket.c
@@ -141,7 +141,7 @@ socket_mt(const struct sk_buff *skb, const struct xt_match_param *par)
        sk = nf_tproxy_get_sock_v4(dev_net(skb->dev), protocol,
                                   saddr, daddr, sport, dport, par->in, false);
        if (sk != NULL) {
-               bool wildcard = (inet_sk(sk)->rcv_saddr == 0);
+               bool wildcard = (sk->sk_state != TCP_TIME_WAIT && inet_sk(sk)->rcv_saddr == 0);
 
                nf_tproxy_put_sock(sk);
                if (wildcard)