kill_inet_sock() expects rhn_handle instance is passed
via inet_diag_arg argument. However on the following calling path:

    generic_show_sock
    => show_one_inet_sock
       => kill_inet_sock

the rth field of inet_diag_arg is not filled with the address of
an rhn_handle instance. As a result, ss crashes.

This commit fills the field with newly created rhn_handle
instance.

Signed-off-by: Masatake YAMATO <yam...@redhat.com>
---
 misc/ss.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/misc/ss.c b/misc/ss.c
index 29a25070..a59fa2c1 100644
--- a/misc/ss.c
+++ b/misc/ss.c
@@ -4258,11 +4258,18 @@ static int generic_show_sock(const struct sockaddr_nl 
*addr,
 {
        struct sock_diag_msg *r = NLMSG_DATA(nlh);
        struct inet_diag_arg inet_arg = { .f = arg, .protocol = IPPROTO_MAX };
+       struct rtnl_handle rth_inet;
+       int result_inet;
 
        switch (r->sdiag_family) {
        case AF_INET:
        case AF_INET6:
-               return show_one_inet_sock(addr, nlh, &inet_arg);
+               if (rtnl_open_byproto(&rth_inet, 0, NETLINK_SOCK_DIAG))
+                       return -1;
+               inet_arg.rth = &rth_inet;
+               result_inet = show_one_inet_sock(addr, nlh, &inet_arg);
+               rtnl_close(&rth_inet);
+               return result_inet;
        case AF_UNIX:
                return unix_show_sock(addr, nlh, arg);
        case AF_PACKET:
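Review bot: The AF_INET/AF_INET6 case now opens and closes a NETLINK_SOCK_DIAG socket for every message this callback handles, whether or not kill_inet_sock() is ever reached for that socket. As a side effect, a failed rtnl_open_byproto() makes the callback return -1 for a message that may only have needed to be displayed, and depending on how the caller treats a negative return, that could cut the listing short under descriptor pressure. Since the description says only kill_inet_sock() needs the handle, consider opening it once in the code that starts the dump and handing it down through `arg`, or at least opening it only when killing was actually requested. Either way, a comment above the assignment such as `/* kill_inet_sock() dereferences inet_arg.rth, so it must be valid on this path */` would record why the field is set here. The body of generic_show_sock continues outside the hunk, so the remaining cases are not visible.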
-- 
2.14.3
