kill_inet_sock() expects an rhn_handle instance to be passed via the inet_diag_arg argument. However, on the following call path:
generic_show_sock => show_one_inet_sock => kill_inet_sock rth field of inet_diag_arg is not filled with the address of rhn_handle instance. As the result ss crashes. This commit fills the field with newly created rhn_handle instance.
Signed-off-by: Masatake YAMATO <yam...@redhat.com>
---
misc/ss.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/misc/ss.c b/misc/ss.c
index 29a25070..a59fa2c1 100644
--- a/misc/ss.c
+++ b/misc/ss.c
@@ -4258,11 +4258,18 @@ static int generic_show_sock(const struct sockaddr_nl *addr,
 {
 struct sock_diag_msg *r = NLMSG_DATA(nlh);
 struct inet_diag_arg inet_arg = { .f = arg, .protocol = IPPROTO_MAX };
+ struct rtnl_handle rth_inet;
+ int result_inet;
 switch (r->sdiag_family) {
 case AF_INET:
 case AF_INET6:
- return show_one_inet_sock(addr, nlh, &inet_arg);
+ if (rtnl_open_byproto(&rth_inet, 0, NETLINK_SOCK_DIAG))
+ return -1;
+ inet_arg.rth = &rth_inet;
+ result_inet = show_one_inet_sock(addr, nlh, &inet_arg);
+ rtnl_close(&rth_inet);
+ return result_inet;
 case AF_UNIX:
 return unix_show_sock(addr, nlh, arg);
 case AF_PACKET:
--
2.14.3
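Review bot: In the AF_INET/AF_INET6 case, `rtnl_open_byproto(&rth_inet, 0, NETLINK_SOCK_DIAG)` and `rtnl_close(&rth_inet)` now run for every message this callback handles, although per the commit message only kill_inet_sock() uses the handle. Guarding both calls with the filter's kill flag, e.g. `if (inet_arg.f->kill && rtnl_open_byproto(&rth_inet, 0, NETLINK_SOCK_DIAG)) return -1;` and `if (inet_arg.f->kill) rtnl_close(&rth_inet);` (field name assumed from the rest of ss.c, not visible in this hunk), or opening the handle once in the caller that drives this callback, would avoid a socket open/close per listed socket and keep a transient open failure from aborting a plain listing. A NULL check on `rth` inside kill_inet_sock() would also turn any other call path that forgets to set the field into an error return rather than a crash. generic_show_sock's body starts before and continues past this hunk.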