Cc: Justin Forbes <jmforbes@...>, Zwane Mwaikambo <zwane@...>, Theodore Ts'o <tytso@...>, Randy Dunlap <rdunlap@...>, Dave Jones <davej@...>, Chuck Wolber <chuckw@...>, Chris Wedgwood <reviews@...>, Michael Krufky <mkrufky@...>, Chuck Ebbert <cebbert@...>, Domenico Andreoli <cavokz@...>, <torvalds@...>, <akpm@...>, <alan@...>, <bunk@...>, Tony Battersby <tonyb@...>, David S. Miller <davem@...>
-stable review patch. If anyone has any objections, please let us know.
------------------
From: Tony Battersby <tonyb@cybernetics.com>
patch fa8705b00aeca19d91a1437b8a5cf865999b28f6 in mainline.
[NET]: sanitize kernel_accept() error path
If kernel_accept() returns an error, it may pass back a pointer to
freed memory (which the caller should ignore). Make it pass back NULL
instead for better safety.
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/socket.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/socket.c
+++ b/net/socket.c
@@ -2230,6 +2230,7 @@ int kernel_accept(struct socket *sock, s
err = sock->ops->accept(sock, *newsock, flags);
if (err < 0) {
sock_release(*newsock);
+ *newsock = NULL;
goto done;
}
--
-
