From: Greg Kroah-Hartman Date: Tue, 11 Oct 2022 18:37:12 +0000 (+0200) Subject: 4.14-stable patches X-Git-Tag: v6.0.1~4 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7a7f6bddc7497bb2328fec82b049731ed58a0293;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: netfilter-nf_queue-fix-socket-leak.patch --- diff --git a/queue-4.14/netfilter-nf_queue-fix-socket-leak.patch b/queue-4.14/netfilter-nf_queue-fix-socket-leak.patch new file mode 100644 index 00000000000..484a46dd61b --- /dev/null +++ b/queue-4.14/netfilter-nf_queue-fix-socket-leak.patch @@ -0,0 +1,34 @@ +From avimalin@gmail.com Tue Oct 11 20:34:34 2022 +From: Vimal Agrawal +Date: Tue, 11 Oct 2022 22:52:02 +0530 +Subject: netfilter: nf_queue: fix socket leak +To: stable@vger.kernel.org +Cc: fw@strlen.de, avimalin@gmail.com, Vimal Agrawal +Message-ID: <20221011172202.3709-1-vimal.agrawal@sophos.com> + +From: Vimal Agrawal + +Removal of the sock_hold got lost when backporting commit 4d05239203fa +("netfilter: nf_queue: fix possible use-after-free") to 4.14 + +This was causing a socket leak and was caught by kmemleak. +Tested by running kmemleak again with this fix. + +Fixes: ef97921ccdc2 ("netfilter: nf_queue: fix possible use-after-free") in 4.14 +Signed-off-by: Vimal Agrawal +Reviewed-by: Florian Westphal +--- + net/netfilter/nf_queue.c | 2 -- + 1 file changed, 2 deletions(-) + +--- a/net/netfilter/nf_queue.c ++++ b/net/netfilter/nf_queue.c +@@ -91,8 +91,6 @@ bool nf_queue_entry_get_refs(struct nf_q + dev_hold(state->in); + if (state->out) + dev_hold(state->out); +- if (state->sk) +- sock_hold(state->sk); + #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) + if (entry->skb->nf_bridge) { + struct net_device *physdev; diff --git a/queue-4.14/series b/queue-4.14/series index dcaaf3e5517..ff1fcb25fb1 100644 --- a/queue-4.14/series +++ b/queue-4.14/series 
@@ -32,3 +32,4 @@ usb-serial-ftdi_sio-fix-300-bps-rate-for-sio.patch mmc-core-replace-with-already-defined-values-for-readability.patch mmc-core-terminate-infinite-loop-in-sd-uhs-voltage-switch.patch rpmsg-qcom-glink-replace-strncpy-with-strscpy_pad.patch +netfilter-nf_queue-fix-socket-leak.patch
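Review bot: The commit message in queue-4.14/netfilter-nf_queue-fix-socket-leak.patch does not say where the remaining reference on state->sk is taken once the two lines `if (state->sk)` / `sock_hold(state->sk);` are deleted from nf_queue_entry_get_refs(). The hunk context shows only the dev_hold() calls for state->in and state->out, so a reader cannot confirm from the patch alone that the queue entry still holds exactly one socket reference for the release path to drop. Please add a sentence naming the hold that stays in place after the backport of 4d05239203fa, so the leak described ("caught by kmemleak") and its fix can be checked against the 4.14 source. The Fixes: tag also carries a trailing "in 4.14" after the quoted subject; it would be cleaner to keep the tag in the usual hash-plus-subject form and state in the body that this is a 4.14-only correction to the backport.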