netns: Don't leak others' openreq-s in proc
Pavel Emelyanov [Mon, 22 Nov 2010 03:26:12 +0000 (03:26 +0000)]
The /proc/net/tcp leaks openreq sockets from other namespaces.

Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/ipv4/tcp_ipv4.c

index 69ccbc1..e13da6d 100644 (file)
@@ -2043,7 +2043,9 @@ get_req:
        }
 get_sk:
        sk_nulls_for_each_from(sk, node) {
-               if (sk->sk_family == st->family && net_eq(sock_net(sk), net)) {
+               if (!net_eq(sock_net(sk), net))
+                       continue;
+               if (sk->sk_family == st->family) {
                        cur = sk;
                        goto out;
                }