[PATCH] ax25: Fix possible oops in ax25_make_new

Re: [AX25] kernel panic · Jarek Poplawski <hidden> · 2009-09-21
Re: [AX25] kernel panic · Bernard Pidoux F6BVP <hidden> · 2009-09-23
Re: [AX25] kernel panic · Jarek Poplawski <hidden> · 2009-09-24
[PATCH] ax25: Fix ax25_cb refcounting in ax25_ctl_ioctl · Jarek Poplawski <hidden> · 2009-09-25
Re: [PATCH] ax25: Fix ax25_cb refcounting in ax25_ctl_ioctl · Ralf Baechle DL5RB <hidden> · 2009-09-25
Re: [PATCH] ax25: Fix ax25_cb refcounting in ax25_ctl_ioctl · Jarek Poplawski <hidden> · 2009-09-25
Re: [PATCH] ax25: Fix ax25_cb refcounting in ax25_ctl_ioctl · David Miller <davem@davemloft.net> · 2009-09-25
Re: [PATCH] ax25: Fix ax25_cb refcounting in ax25_ctl_ioctl · Bernard Pidoux <hidden> · 2009-09-25
Re: [PATCH] ax25: Fix ax25_cb refcounting in ax25_ctl_ioctl · Jarek Poplawski <hidden> · 2009-09-25
Re: [PATCH] ax25: Fix ax25_cb refcounting in ax25_ctl_ioctl · Ralf Baechle DL5RB <hidden> · 2009-09-27
Re: [PATCH] ax25: Fix ax25_cb refcounting in ax25_ctl_ioctl · Jarek Poplawski <hidden> · 2009-09-27
Re: [PATCH] ax25: Fix ax25_cb refcounting in ax25_ctl_ioctl · Jarek Poplawski <hidden> · 2009-09-27
[PATCH] ax25: Fix possible oops in ax25_make_new · Jarek Poplawski <hidden> · 2009-09-27
Re: [PATCH] ax25: Fix possible oops in ax25_make_new · Bernard Pidoux F6BVP <hidden> · 2009-09-28
Re: [PATCH] ax25: Fix possible oops in ax25_make_new · David Miller <davem@davemloft.net> · 2009-09-30
[PATCH] ax25: Add missing dev_put in ax25_setsockopt · Jarek Poplawski <hidden> · 2009-09-28
Re: [PATCH] ax25: Add missing dev_put in ax25_setsockopt · Bernard Pidoux F6BVP <hidden> · 2009-09-28
[PATCH] ax25: Add missing dev_put in ax25_setsockopt · Ralf Baechle <hidden> · 2009-09-28
Re: [PATCH] ax25: Add missing dev_put in ax25_setsockopt · Bernard Pidoux <hidden> · 2009-09-28
Re: [PATCH] ax25: Add missing dev_put in ax25_setsockopt · David Miller <davem@davemloft.net> · 2009-09-28

STALE6087d

From: Jarek Poplawski <hidden>
Date: 2009-09-27 20:58:18
Also in: linux-hams
Subsystem: networking [general], the rest · Maintainers: "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Linus Torvalds

In ax25_make_new, if kmemdup of digipeat returns an error, there would
be an oops in sk_free while calling sk_destruct, because sk_protinfo
is NULL at the moment; move sk->sk_destruct initialization after this.

BTW of reported-by: Bernard Pidoux F6BVP [off-list ref]

Signed-off-by: Jarek Poplawski <redacted>
---

 net/ax25/af_ax25.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
index fbcac76..9884639 100644
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c

@@ -900,7 +900,6 @@ struct sock *ax25_make_new(struct sock *osk, struct ax25_dev *ax25_dev)
 
 	sock_init_data(NULL, sk);
 
-	sk->sk_destruct = ax25_free_sock;
 	sk->sk_type     = osk->sk_type;
 	sk->sk_priority = osk->sk_priority;
 	sk->sk_protocol = osk->sk_protocol;

@@ -938,6 +937,7 @@ struct sock *ax25_make_new(struct sock *osk, struct ax25_dev *ax25_dev)
 	}
 
 	sk->sk_protinfo = ax25;
+	sk->sk_destruct = ax25_free_sock;
 	ax25->sk    = sk;
 
 	return sk;

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help