Re: [PATCH] DCCP: Fix double free of skb which may cause kernel panic

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Gerrit Renker wrote:
Hi, Gerrit Renker

Please ignore this mail, I will sent the patch again after the patch is witten correctly.

Yes indeed - there is a valid point here but it needs a bit more investigation.

There are several paths for the control flow in dccp_v6_ctl_send_reset().
I am further wondering, since dccp_v4_ctl_send_reset() is similar, if
you can trigger the same condition in DCCPv4?

Can not test this at the moment, probably not before today.

This is happened when I write test case, and can be test again. The IPv4 has no problem. I test this used send REQUEST to endpoint with bad option, and the first time nothing happend, the second time kernel panic is happened. But this problem it is not cause by kree_skb of dccp_v6_ctl_send_reset(), it has no problem since it not free skb while skb is sent correctly.

Gerrit

--
To unsubscribe from this list: send the line "unsubscribe dccp" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Kernel]     [IETF DCCP]     [Linux Networking]     [Git]     [Security]     [Linux Assembly]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]

  Powered by Linux