[PATCH] 2.2.23 wild pointer in struct sock

From: Smolinski (hsmolin@bawue.de)
Date: Thu Dec 19 2002 - 08:09:52 EST

Next message: Stephen Satchell: "Re: Freezing.. (was Re: Intel P6 vs P7 system call performance)"
Previous message: Richard B. Johnson: "Re: Intel P6 vs P7 system call performance"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Andi,
this patch fixes a occurrence of a wild pointer in the cloned
struct sock, after SYN has been received. Kernel 2.4. resolves the
situation in the same way. Pls. apply.

Holger Smolinski

Index: net/core/sock.c
===================================================================
RCS file: /home/cvs/linux/net/core/sock.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 sock.c
--- net/core/sock.c 5 Jan 2000 13:50:34 -0000 1.1.1.1
+++ net/core/sock.c 18 Dec 2002 09:18:05 -0000
@@ -79,6 +79,7 @@
  * Jay Schulist : Added SO_ATTACH_FILTER and SO_DETACH_FILTER.
  * Andi Kleen : Add sock_kmalloc()/sock_kfree_s()
  * Andi Kleen : Fix write_space callback
+ * Holger Smolinski: Fix initialization of sk->sleep
  *
  * To Fix:
  *
@@ -1036,6 +1037,8 @@
                 sk->type = sock->type;
                 sk->sleep = &sock->wait;
                 sock->sk = sk;
+ } else {
+ sk->sleep = NULL;
         }

         sk->state_change = sock_def_wakeup;
Index: net/ipv4/tcp_ipv4.c
===================================================================
RCS file: /home/cvs/linux/net/ipv4/tcp_ipv4.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 tcp_ipv4.c
--- net/ipv4/tcp_ipv4.c 5 Jan 2000 13:50:34 -0000 1.1.1.1
+++ net/ipv4/tcp_ipv4.c 18 Dec 2002 09:18:05 -0000
@@ -44,7 +44,9 @@
  * Andi Kleen: various fixes.
  * Vitaly E. Lavrov : Transparent proxy revived after year coma.
  * Andi Kleen : Fix new listen.
- * Andi Kleen : Fix accept error reporting.
+ * Andi Kleen : Fix accept error reporting.a
+ * Holger Smolinski : Fix initialization of newsk->sleep which
+ * points to a potentially invalid wait_queue
  */

#include <linux/config.h>
@@ -1464,6 +1466,7 @@
                 newsk->timer.function = &net_timer;
                 newsk->timer.data = (unsigned long) newsk;
                 newsk->socket = NULL;
+ newsk->sleep = NULL;

                 newtp->tstamp_ok = req->tstamp_ok;
                 if((newtp->sack_ok = req->sack_ok) != 0)

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Stephen Satchell: "Re: Freezing.. (was Re: Intel P6 vs P7 system call performance)"
Previous message: Richard B. Johnson: "Re: Intel P6 vs P7 system call performance"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Mon Dec 23 2002 - 22:00:23 EST