Re: [PATCH AND RFC_PATCH] 1. Leak corking option in ipv4 2. ipv6 opt panic
From: David S. Miller <hidden>
Date: 2004-03-10 22:47:58
On Tue, 9 Mar 2004 18:05:48 -0800 (PST) Krishna Kumar [off-list ref] wrote:
Patch1 : -------- I think every socket can leak memory when it allocates a cork.opt and calls ip_append_data()/ip_push_pending_frames(). This gets released in ip_flush_pending_frames() which may not get called.
Looks correct, applied.
Patch2 : --------- I am not sure about this possible bug which is the RFC part of the subject. In IPv6 ip6_append_data(), if it is possible to add extra ipv6 options during multiple calls to append_data(), then the check for cork.opt could end up panicking the system because it is allocated for a smaller size of options. If this is a problem, then ipv4 might have a similar issue too. Note: Patch2 has a question embedded in it, I can send a better patch if you think the idea is right.
This is possible, but an APP trying to do this is buggy as I cannot see any sane semantics for this. I would rather we -EINVAL on such socket option changes if cork.opt is non-NULL. Could you whip up a patch for that? Thanks.
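
A userspace C model of the two points discussed in this thread, added here as an illustration; it is not code from the patches or from the kernel. `sock_model`, the `model_*` functions and the `release_on_push` switch are hypothetical names, and treating the leak fix as "release the cork copy on the send path too" is an assumption, since the patch itself is not shown in the message.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical userspace model: names echo the thread, bodies are constructed. */
struct sock_model {
    unsigned char *opt, *cork_opt;  /* socket options; snapshot taken at first append */
    size_t optlen; int live_cork_allocs;  /* live_cork_allocs counts unreleased snapshots */
};

/* What the discard (flush) path does: drop the cork snapshot. */
static void cork_release(struct sock_model *sk) {
    if (!sk->cork_opt) return;
    free(sk->cork_opt);
    sk->cork_opt = NULL;
    sk->live_cork_allocs--;
}

/* Option change. Refusing with -EINVAL while a snapshot exists (the reply's
 * proposal) keeps the options from outgrowing the buffer sized at first append. */
int model_set_options(struct sock_model *sk, const void *opt, size_t len) {
    if (sk->cork_opt) return -EINVAL;
    unsigned char *copy = malloc(len);
    if (!copy) return -ENOMEM;
    memcpy(copy, opt, len);
    free(sk->opt);
    sk->opt = copy; sk->optlen = len;
    return 0;
}

/* The first append of a corked send snapshots the options at their current size. */
int model_append_data(struct sock_model *sk) {
    if (sk->cork_opt || !sk->optlen) return 0;
    sk->cork_opt = malloc(sk->optlen);
    if (!sk->cork_opt) return -ENOMEM;
    memcpy(sk->cork_opt, sk->opt, sk->optlen);
    sk->live_cork_allocs++;
    return 0;
}

/* Send path: release_on_push = 0 models the leak, 1 the assumed fix. */
void model_push_pending_frames(struct sock_model *sk, int release_on_push) { if (release_on_push) cork_release(sk); }

int main(void) {
    struct sock_model sk = {0};
    model_set_options(&sk, "\1\1\1\1", 4);  /* constructed option bytes */
    model_append_data(&sk);
    model_push_pending_frames(&sk, 1);
    free(sk.opt);
    return sk.live_cork_allocs;  /* exit status = snapshots still held */
}
```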