Quoting Dan Smith (danms@xxxxxxxxxx):
> +static int sock_unix_checkpoint(struct ckpt_ctx *ctx,
> + struct socket *socket,
> + struct ckpt_hdr_socket *h)
> +{
> + struct unix_sock *sk = unix_sk(socket->sk);
> + struct unix_sock *pr = unix_sk(sk->peer);
> + struct ckpt_hdr_socket_unix *un;
> + int new;
> + int ret = -ENOMEM;
> +
> + if ((socket->sk->sk_state == TCP_LISTEN) &&
> + !skb_queue_empty(&socket->sk->sk_receive_queue)) {
> + ckpt_write_err(ctx, "listening socket has unaccepted peers");
> + return -EBUSY;
> + }
> +
> + un = ckpt_hdr_get_type(ctx, sizeof(*un), CKPT_HDR_SOCKET_UNIX);
> + if (!un)
> + goto out;
...
> + out:
> + ckpt_hdr_put(ctx, un);
This will cause a null deref trying to get ptr->len in ckpt_hdr_put(). -serge _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
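Review bot: `pr` is read from `sk->peer` in the declarations of sock_unix_checkpoint() with no lock or reference visible in the quoted lines, so if the peer socket can be released while the checkpoint runs (for instance a peer outside the frozen set), any later use of `pr` could touch freed memory. Unless the elided part already covers this, the peer should be sampled under `unix_state_lock(socket->sk)` and pinned with `sock_hold()` before the lock is dropped, then released with `sock_put()` on the exit path. `sk->peer` is also NULL for an unconnected socket, so uses of `pr` need a NULL check. The `skb_queue_empty()` test on the listening socket looks like an unlocked snapshot as well; a short comment stating why no connection can be queued after it would help. The function body continues outside the quoted lines.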