diff options
author | Xin Long <lucien.xin@gmail.com> | 2017-09-15 05:02:48 +0200 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2017-09-15 23:51:15 +0200 |
commit | 8c7c19a55e41ae69d1cd18ab56e6e9b66a679a7c (patch) | |
tree | e41b66148295d87976db3bd0f1514bc97fd86da8 /net/sctp | |
parent | sctp: fix an use-after-free issue in sctp_sock_dump (diff) | |
download | linux-8c7c19a55e41ae69d1cd18ab56e6e9b66a679a7c.tar.xz linux-8c7c19a55e41ae69d1cd18ab56e6e9b66a679a7c.zip |
sctp: do not mark sk dumped when inet_sctp_diag_fill returns err
sctp_diag would not actually dump out sk/asoc if inet_sctp_diag_fill
returns err, in which case it shouldn't mark sk dumped by setting
cb->args[3] as 1 in sctp_sock_dump().
Otherwise, it could cause some asocs to have no parent's sk dumped
in 'ss --sctp'.
So this patch is to not set cb->args[3] when inet_sctp_diag_fill()
returns err in sctp_sock_dump().
Fixes: 8f840e47f190 ("sctp: add the sctp_diag.c file")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sctp')
-rw-r--r-- | net/sctp/sctp_diag.c | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/net/sctp/sctp_diag.c b/net/sctp/sctp_diag.c index 7008a992749b..22ed01a76b19 100644 --- a/net/sctp/sctp_diag.c +++ b/net/sctp/sctp_diag.c @@ -309,7 +309,6 @@ static int sctp_sock_dump(struct sctp_transport *tsp, void *p) cb->nlh->nlmsg_seq, NLM_F_MULTI, cb->nlh, commp->net_admin) < 0) { - cb->args[3] = 1; err = 1; goto release; } |