crypto: af_alg - Fix socket double-free when accept fails

commit a383292c upstream. When we fail an accept(2) call we will end up freeing the socket twice, once due to the direct sk_free call and once again through newsock. This patch fixes this by removing the sk_free call. Reported-by: Dmitry Vyukov <dvyukov@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Kamal Mostafa <kamal@canonical.com>

crypto: af_alg - Fix socket double-free when accept fails
commit a383292c upstream. When we fail an accept(2) call we will end up freeing the socket twice, once due to the direct sk_free call and once again through newsock. This patch fixes this by removing the sk_free call. Reported-by: Dmitry Vyukov <dvyukov@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
b37fa326 · Herbert Xu · Kamal Mostafa · 5a88170a · b37fa326
Commit b37fa326 authored Dec 30, 2015 by Herbert Xu Committed by Kamal Mostafa Jan 28, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 3 deletions

crypto/af_alg.c crypto/af_alg.c +1 -3

No files found.
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -275,10 +275,8 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
 	security_sk_clone(sk, sk2);
 	err = type->accept(ask->private, sk2);
-	if (err) {
+	if (err)
-		sk_free(sk2);
 		goto unlock;
-	}
 	sk2->sk_family = PF_ALG;