remarkable-linux/net
Eric Dumazet 3257d8b12f inet: fix possible request socket leak
In commit b357a364c5 ("inet: fix possible panic in
reqsk_queue_unlink()"), I missed the fact that tcp_check_req()
can return the listener socket in one case, and that we must
release the request socket refcount or we leak it.

Tested:

The following packetdrill test template shows the issue:

0     socket(..., SOCK_STREAM, IPPROTO_TCP) = 3
+0    setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
+0    bind(3, ..., ...) = 0
+0    listen(3, 1) = 0

+0    < S 0:0(0) win 2920 <mss 1460,sackOK,nop,nop>
+0    > S. 0:0(0) ack 1 <mss 1460,nop,nop,sackOK>
+.002 < . 1:1(0) ack 21 win 2920
+0    > R 21:21(0)

Fixes: b357a364c5 ("inet: fix possible panic in reqsk_queue_unlink()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-08-10 21:17:45 -07:00
6lowpan
9p virtio/vhost: fixes for 4.2 2015-07-23 13:07:04 -07:00
802
8021q
appletalk
atm
ax25 NET: AX.25: Stop heartbeat timer on disconnect. 2015-07-15 15:59:58 -07:00
batman-adv batman-adv: initialize up/down values when adding a gateway 2015-08-05 00:31:47 +02:00
bluetooth Bluetooth: Fix NULL pointer dereference in smp_conn_security 2015-07-23 16:41:24 +02:00
bridge bridge: netlink: account for the IFLA_BRPORT_PROXYARP_WIFI attribute size and policy 2015-08-06 23:54:42 -07:00
caif caif: fix leaks and race in caif_queue_rcv_skb() 2015-07-21 00:02:44 -07:00
can can: replace timestamp as unique skb attribute 2015-07-12 21:13:22 +02:00
ceph libceph: treat sockaddr_storage with uninitialized family as blank 2015-07-09 20:30:34 +03:00
core inet: fix races with reqsk timers 2015-08-10 21:17:29 -07:00
dcb
dccp tcp: fix recv with flags MSG_WAITALL | MSG_PEEK 2015-07-27 01:06:53 -07:00
decnet
dns_resolver
dsa net: dsa: Fix off-by-one in switch address parsing 2015-07-11 23:25:16 -07:00
ethernet
hsr
ieee802154 inet: frag: change *_frag_mem_limit functions to take netns_frags as argument 2015-07-26 21:00:14 -07:00
ipv4 inet: fix possible request socket leak 2015-08-10 21:17:45 -07:00
ipv6 inet: fix possible request socket leak 2015-08-10 21:17:45 -07:00
ipx
irda
iucv
key
l2tp
lapb
llc tcp: fix recv with flags MSG_WAITALL | MSG_PEEK 2015-07-27 01:06:53 -07:00
mac80211 cfg80211: use RTNL locked reg_can_beacon for IR-relaxation 2015-07-17 15:02:02 +02:00
mac802154
mpls
netfilter netfilter: conntrack: Use flags in nf_ct_tmpl_alloc() 2015-08-05 10:56:43 +02:00
netlabel
netlink netlink: make sure -EBUSY won't escape from netlink_insert 2015-08-10 10:59:10 -07:00
netrom
nfc
openvswitch openvswitch: Fix L4 checksum handling when dealing with IP fragments 2015-08-03 14:03:08 -07:00
packet packet: tpacket_snd(): fix signed/unsigned comparison 2015-07-29 00:09:58 -07:00
phonet
rds rds: fix an integer overflow test in rds_info_getsockopt() 2015-08-03 15:20:16 -07:00
rfkill
rose
rxrpc
sched act_mirred: avoid calling tcf_hash_release() when binding 2015-08-03 14:13:28 -07:00
sctp net: sctp: stop spamming klog with rfc6458, 5.3.2. deprecation warnings 2015-07-26 16:32:41 -07:00
sunrpc NFS client bugfixes for Linux 4.2 2015-07-28 09:37:44 -07:00
switchdev net: switchdev: don't abort unsupported operations 2015-07-11 21:29:55 -07:00
tipc net/tipc: initialize security state for new connection socket 2015-07-08 16:08:23 -07:00
unix
vmw_vsock
wimax
wireless cfg80211: use RTNL locked reg_can_beacon for IR-relaxation 2015-07-17 15:02:02 +02:00
x25
xfrm
compat.c
Kconfig
Makefile
socket.c
sysctl_net.c