Patchwork ax25: Fix possible oops in ax25_make_new

login
register
mail settings
Submitter Jarek Poplawski
Date Sept. 27, 2009, 8:57 p.m.
Message ID <20090927205701.GA7205@del.dom.local>
Download mbox | patch
Permalink /patch/34356/
State Accepted
Delegated to: David Miller
Headers show

Comments

Jarek Poplawski - Sept. 27, 2009, 8:57 p.m.
In ax25_make_new, if kmemdup of digipeat returns an error, there would
be an oops in sk_free while calling sk_destruct, because sk_protinfo
is NULL at the moment; move sk->sk_destruct initialization after this.

BTW of reported-by: Bernard Pidoux F6BVP <f6bvp@free.fr>

Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
---

 net/ax25/af_ax25.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Bernard Pidoux F6BVP - Sept. 28, 2009, 10:47 a.m.
Applied.
Thanks.

Bernard

Jarek Poplawski a écrit :
> In ax25_make_new, if kmemdup of digipeat returns an error, there would
> be an oops in sk_free while calling sk_destruct, because sk_protinfo
> is NULL at the moment; move sk->sk_destruct initialization after this.
> 
> BTW of reported-by: Bernard Pidoux F6BVP <f6bvp@free.fr>
> 
> Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
> ---
> 
>  net/ax25/af_ax25.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
> index fbcac76..9884639 100644
> --- a/net/ax25/af_ax25.c
> +++ b/net/ax25/af_ax25.c
> @@ -900,7 +900,6 @@ struct sock *ax25_make_new(struct sock *osk, struct ax25_dev *ax25_dev)
>  
>  	sock_init_data(NULL, sk);
>  
> -	sk->sk_destruct = ax25_free_sock;
>  	sk->sk_type     = osk->sk_type;
>  	sk->sk_priority = osk->sk_priority;
>  	sk->sk_protocol = osk->sk_protocol;
> @@ -938,6 +937,7 @@ struct sock *ax25_make_new(struct sock *osk, struct ax25_dev *ax25_dev)
>  	}
>  
>  	sk->sk_protinfo = ax25;
> +	sk->sk_destruct = ax25_free_sock;
>  	ax25->sk    = sk;
>  
>  	return sk;
> --
> To unsubscribe from this list: send the line "unsubscribe linux-hams" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 
> 

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
David Miller - Sept. 30, 2009, 11:44 p.m.
From: Jarek Poplawski <jarkao2@gmail.com>
Date: Sun, 27 Sep 2009 22:57:02 +0200

> In ax25_make_new, if kmemdup of digipeat returns an error, there would
> be an oops in sk_free while calling sk_destruct, because sk_protinfo
> is NULL at the moment; move sk->sk_destruct initialization after this.
> 
> BTW of reported-by: Bernard Pidoux F6BVP <f6bvp@free.fr>
> 
> Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>

Applied and queued up for -stable, thanks!
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
index fbcac76..9884639 100644
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -900,7 +900,6 @@  struct sock *ax25_make_new(struct sock *osk, struct ax25_dev *ax25_dev)
 
 	sock_init_data(NULL, sk);
 
-	sk->sk_destruct = ax25_free_sock;
 	sk->sk_type     = osk->sk_type;
 	sk->sk_priority = osk->sk_priority;
 	sk->sk_protocol = osk->sk_protocol;
@@ -938,6 +937,7 @@  struct sock *ax25_make_new(struct sock *osk, struct ax25_dev *ax25_dev)
 	}
 
 	sk->sk_protinfo = ax25;
+	sk->sk_destruct = ax25_free_sock;
 	ax25->sk    = sk;
 
 	return sk;