Searched hist:"86 fdb344" (Results 1 – 1 of 1) sorted by relevance
/openbmc/linux/net/sctp/ |
H A D | endpointola.c | 86fdb344 Sat Jun 17 03:10:27 CDT 2017 Xin Long <lucien.xin@gmail.com> sctp: ensure ep is not destroyed before doing the dump
Now before dumping a sock in sctp_diag, it only holds the sock while the ep may be already destroyed. It can cause a use-after-free panic when accessing ep->asocs.
This patch is to set sctp_sk(sk)->ep NULL in sctp_endpoint_destroy, and check if this ep is already destroyed before dumping this ep.
Suggested-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by: Xin Long <lucien.xin@gmail.com> Acked-by: Neil Horman <nhorman@tuxdrver.com> Signed-off-by: David S. Miller <davem@davemloft.net> 86fdb344 Sat Jun 17 03:10:27 CDT 2017 Xin Long <lucien.xin@gmail.com> sctp: ensure ep is not destroyed before doing the dump Now before dumping a sock in sctp_diag, it only holds the sock while the ep may be already destroyed. It can cause a use-after-free panic when accessing ep->asocs. This patch is to set sctp_sk(sk)->ep NULL in sctp_endpoint_destroy, and check if this ep is already destroyed before dumping this ep. Suggested-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by: Xin Long <lucien.xin@gmail.com> Acked-by: Neil Horman <nhorman@tuxdrver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|