Commit d3df6720 authored by David S. Miller's avatar David S. Miller Committed by Ben Hutchings

ipv4: Missing sk_nulls_node_init() in ping_unhash().

commit a134f083 upstream.

If we don't do that, then the poison value is left in the ->pprev
backlink.

This can cause crashes if we do a disconnect, followed by a connect().
Tested-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
Reported-by: default avatarWen Xu <hotdog3645@gmail.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
parent 470e517b
...@@ -139,6 +139,7 @@ static void ping_v4_unhash(struct sock *sk) ...@@ -139,6 +139,7 @@ static void ping_v4_unhash(struct sock *sk)
if (sk_hashed(sk)) { if (sk_hashed(sk)) {
write_lock_bh(&ping_table.lock); write_lock_bh(&ping_table.lock);
hlist_nulls_del(&sk->sk_nulls_node); hlist_nulls_del(&sk->sk_nulls_node);
sk_nulls_node_init(&sk->sk_nulls_node);
sock_put(sk); sock_put(sk);
isk->inet_num = isk->inet_sport = 0; isk->inet_num = isk->inet_sport = 0;
sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1); sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment