diff options
| author | James Chapman <jchapman@katalix.com> | 2012-05-29 23:13:23 +0000 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2012-06-10 00:33:02 +0900 |
| commit | 3dc6bc132f2afce8da98e0f047c4cc8ae569d6cb (patch) | |
| tree | 04efc120f37fc3ae320a0c4a4de71ab71f004091 /block/blk-map.c | |
| parent | 5111df358197ca9c5001bf2bb542fc8c346bb5b5 (diff) | |
| download | kernel_samsung_aries-3dc6bc132f2afce8da98e0f047c4cc8ae569d6cb.zip kernel_samsung_aries-3dc6bc132f2afce8da98e0f047c4cc8ae569d6cb.tar.gz kernel_samsung_aries-3dc6bc132f2afce8da98e0f047c4cc8ae569d6cb.tar.bz2 | |
l2tp: fix oops in L2TP IP sockets for connect() AF_UNSPEC case
[ Upstream commit c51ce49735c183ef2592db70f918ee698716276b ]
An application may call connect() to disconnect a socket using an
address with family AF_UNSPEC. The L2TP IP sockets were not handling
this case when the socket is not bound and an attempt to connect()
using AF_UNSPEC in such cases would result in an oops. This patch
addresses the problem by protecting the sk_prot->disconnect() call
against trying to unhash the socket before it is bound.
The patch also adds more checks that the sockaddr supplied to bind()
and connect() calls is valid.
RIP: 0010:[<ffffffff82e133b0>] [<ffffffff82e133b0>] inet_unhash+0x50/0xd0
RSP: 0018:ffff88001989be28 EFLAGS: 00010293
Stack:
ffff8800407a8000 0000000000000000 ffff88001989be78 ffffffff82e3a249
ffffffff82e3a050 ffff88001989bec8 ffff88001989be88 ffff8800407a8000
0000000000000010 ffff88001989bec8 ffff88001989bea8 ffffffff82e42639
Call Trace:
[<ffffffff82e3a249>] udp_disconnect+0x1f9/0x290
[<ffffffff82e42639>] inet_dgram_connect+0x29/0x80
[<ffffffff82d012fc>] sys_connect+0x9c/0x100
Reported-by: Sasha Levin <levinsasha928@gmail.com>
Signed-off-by: James Chapman <jchapman@katalix.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'block/blk-map.c')
0 files changed, 0 insertions, 0 deletions