[PATCH] 2.2.23 wild pointer in struct sock

Smolinski (hsmolin@bawue.de)
Thu, 19 Dec 2002 14:09:52 +0100 (CET)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Ian Soboroff: "Re: Trident/ALi 5451 problem, 2.4.20-ac2"
Previous message: Alan Cox: "Re: Linux 2.2.24-rc1"

Hi Andi,
this patch fixes a occurrence of a wild pointer in the cloned
struct sock, after SYN has been received. Kernel 2.4. resolves the
situation in the same way. Pls. apply.

Holger Smolinski

Index: net/core/sock.c
===================================================================
RCS file: /home/cvs/linux/net/core/sock.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 sock.c
--- net/core/sock.c 5 Jan 2000 13:50:34 -0000 1.1.1.1
+++ net/core/sock.c 18 Dec 2002 09:18:05 -0000
@@ -79,6 +79,7 @@
* Jay Schulist : Added SO_ATTACH_FILTER and SO_DETACH_FILTER.
* Andi Kleen : Add sock_kmalloc()/sock_kfree_s()
* Andi Kleen : Fix write_space callback
+ * Holger Smolinski: Fix initialization of sk->sleep
*
* To Fix:
*
@@ -1036,6 +1037,8 @@
sk->type = sock->type;
sk->sleep = &sock->wait;
sock->sk = sk;
+ } else {
+ sk->sleep = NULL;
}

sk->state_change = sock_def_wakeup;
Index: net/ipv4/tcp_ipv4.c
===================================================================
RCS file: /home/cvs/linux/net/ipv4/tcp_ipv4.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 tcp_ipv4.c
--- net/ipv4/tcp_ipv4.c 5 Jan 2000 13:50:34 -0000 1.1.1.1
+++ net/ipv4/tcp_ipv4.c 18 Dec 2002 09:18:05 -0000
@@ -44,7 +44,9 @@
* Andi Kleen: various fixes.
* Vitaly E. Lavrov : Transparent proxy revived after year coma.
* Andi Kleen : Fix new listen.
- * Andi Kleen : Fix accept error reporting.
+ * Andi Kleen : Fix accept error reporting.a
+ * Holger Smolinski : Fix initialization of newsk->sleep which
+ * points to a potentially invalid wait_queue
*/

#include <linux/config.h>
@@ -1464,6 +1466,7 @@
newsk->timer.function = &net_timer;
newsk->timer.data = (unsigned long) newsk;
newsk->socket = NULL;
+ newsk->sleep = NULL;

newtp->tstamp_ok = req->tstamp_ok;
if((newtp->sack_ok = req->sack_ok) != 0)

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ian Soboroff: "Re: Trident/ALi 5451 problem, 2.4.20-ac2"
Previous message: Alan Cox: "Re: Linux 2.2.24-rc1"