sctp: fix potential reference of a freed pointer
When sctp attempts to update an association, it removes any addresses that were not in the updated INITs. However, the loop may attempt to reference the transport for an address after removing it. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
parent
561b1733a4
commit
0c42749cff
@ -1194,8 +1194,10 @@ void sctp_assoc_update(struct sctp_association *asoc,
|
|||||||
/* Remove any peer addresses not present in the new association. */
|
/* Remove any peer addresses not present in the new association. */
|
||||||
list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
|
list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
|
||||||
trans = list_entry(pos, struct sctp_transport, transports);
|
trans = list_entry(pos, struct sctp_transport, transports);
|
||||||
if (!sctp_assoc_lookup_paddr(new, &trans->ipaddr))
|
if (!sctp_assoc_lookup_paddr(new, &trans->ipaddr)) {
|
||||||
sctp_assoc_del_peer(asoc, &trans->ipaddr);
|
sctp_assoc_rm_peer(asoc, trans);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
if (asoc->state >= SCTP_STATE_ESTABLISHED)
|
if (asoc->state >= SCTP_STATE_ESTABLISHED)
|
||||||
sctp_transport_reset(trans);
|
sctp_transport_reset(trans);
|
||||||
|
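Review bot: The removal branch has no comment saying that `trans` must not be used after `sctp_assoc_rm_peer(asoc, trans)`, so the new `continue` is the only thing keeping the loop away from `sctp_transport_reset(trans)` on a released transport. A later edit that drops the braces or moves the reset would silently bring the stale reference back. I would add a line above the call such as `/* rm_peer releases trans; it must not be touched after this point */`. That rm_peer frees the transport is inferred from the commit message, since its body is not visible here, so the wording should be checked against it. sctp_assoc_update starts and ends outside the hunk.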