From: Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx> Date: Fri, 8 Jan 2016 11:00:54 -0200 > Dmitry Vyukov reported a use-after-free in the code expanded by the > macro debug_post_sfx, which is caused by the use of the asoc pointer > after it was freed within sctp_side_effect() scope. > > This patch fixes it by allowing sctp_side_effect to clear that asoc > pointer when the TCB is freed. > > As Vlad explained, we also have to cover the SCTP_DISPOSITION_ABORT case > because it will trigger DELETE_TCB too on that same loop. > > Also, there were places issuing SCTP_CMD_INIT_FAILED and ASSOC_FAILED > but returning SCTP_DISPOSITION_CONSUME, which would fool the scheme > above. Fix it by returning SCTP_DISPOSITION_ABORT instead. > > The macro is already prepared to handle such NULL pointer. > > Reported-by: Dmitry Vyukov <dvyukov@xxxxxxxxxx> > Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx> Applied, thank you. -- To unsubscribe from this list: send the line "unsubscribe linux-sctp" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
