diff options
author | Masayuki Nakagawa <nakagawa.msy@ncos.nec.co.jp> | 2007-03-16 16:14:03 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2007-03-16 16:14:03 -0700 |
commit | d35690beda1429544d46c8eb34b2e3a8c37ab299 (patch) | |
tree | a9f87fa226d8f687c0072409ccb3c7ff0d60698d /net/ipv6 | |
parent | 53cdcc04c1e85d4e423b2822b66149b6f2e52c2c (diff) | |
download | kernel_samsung_smdk4412-d35690beda1429544d46c8eb34b2e3a8c37ab299.tar.gz kernel_samsung_smdk4412-d35690beda1429544d46c8eb34b2e3a8c37ab299.tar.bz2 kernel_samsung_smdk4412-d35690beda1429544d46c8eb34b2e3a8c37ab299.zip |
[IPV6]: ipv6_fl_socklist is inadvertently shared.
The ipv6_fl_socklist from listening socket is inadvertently shared
with new socket created for connection. This leads to a variety of
interesting, but fatal, bugs. For example, removing one of the
sockets may lead to the other socket's encountering a page fault
when the now freed list is referenced.
The fix is to not share the flow label list with the new socket.
Signed-off-by: Masayuki Nakagawa <nakagawa.msy@ncos.nec.co.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
-rw-r--r-- | net/ipv6/tcp_ipv6.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index f57a9baa6b2..92f99927d12 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -1453,6 +1453,7 @@ static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb, First: no IPv4 options. */ newinet->opt = NULL; + newnp->ipv6_fl_list = NULL; /* Clone RX bits */ newnp->rxopt.all = np->rxopt.all; |