In iscsi_target_setup_login_socket()
/*
* The SCTP stack needs struct socket->file.
*/
if ((np->np_network_transport == ISCSI_SCTP_TCP) ||
(np->np_network_transport == ISCSI_SCTP_UDP)) {
if (!sock->file) {
sock->file = kzalloc(sizeof(struct file), GFP_KERNEL);
and similar bit slightly below are utterly bogus. In the best case the comment
is BS and SCTP actually doesn't give a damn about having non-NULL sock->file.
Assuming that this Fine Piece Of Software actually manages to deal with
all codepaths that might kill that sock, that is.
In the worst case, we end up leaking stuff or passing that object to something
that expect real struct file *. In which case we are well and truly screwed.
Could somebody familiar with the code in question (iscsi and sctp) explain
what the hell is going on?
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
