Re: [PATCH] use after free in AF_ROSE

From: David S. Miller (qqfiztt.lpnnb@adsl.vbs.at)
Date: Thu Dec 11 2003 - 00:53:26 EET

Next message: David Quental: "Problems with uscc and kernel 2.6.0-test11"

Previous message: Ruben Navarro Huedo: "saupp + irc"
In reply to: Stephen Hemminger: "[PATCH] use after free in AF_ROSE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 10 Dec 2003 10:08:51 -0800
Stephen Hemminger <dnviia.smrcwaooz@sloth.org> wrote:

> Doing multiple protocol testing and get crashes with simple
> socket/close combo with AF_ROSE. The problem is that it
> dereferences the socket in rose_release after it has already been
> freed by rose_destroy_socket.
>
> This patch fixes that problem, and also uses sock_put to handle the
> case where rose_destroy_socket is called with sk_refcnt > 1 which
> might be possible if data comes in during close.

Applied, thanks a lot Stephen.
-
To unsubscribe from this list: send the line "unsubscribe linux-hams" in
the body of a message to blvpxgf@newtel.com
More majordomo info at http://vger.kernel.org/majordomo-info.html

Next message: David Quental: "Problems with uscc and kernel 2.6.0-test11"
Previous message: Ruben Navarro Huedo: "saupp + irc"
In reply to: Stephen Hemminger: "[PATCH] use after free in AF_ROSE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Dec 11 2003 - 00:55:01 EET