openharmony/kernel_linux
1
0
Fork 0
mirror of https://gitee.com/openharmony/kernel_linux synced 2025-02-26 14:46:40 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

tcp: Fix slab corruption with ipv6 and tcp6fuzz

Browse Source 
From: Evgeniy Polyakov <johnpol@2ka.mipt.ru>

This fixes a regression added by ec3c0982a2dd1e671bad8e9d26c28dcba0039d87
("[TCP]: TCP_DEFER_ACCEPT updates - process as established")

tcp_v6_do_rcv()->tcp_rcv_established(), the latter goes to step5, where
eventually skb can be freed via tcp_data_queue() (drop: label), then if
check for tcp_defer_accept_check() returns true and thus
tcp_rcv_established() returns -1, which forces tcp_v6_do_rcv() to jump
to reset: label, which in turn will pass through discard: label and free
the same skb again.

Tested by Eric Sesterhenn.

Signed-off-by: David S. Miller <davem@davemloft.net>
Acked-By: Patrick McManus <mcmanus@ducksong.com>
This commit is contained in:
Evgeniy Polyakov 2008-04-27 15:27:30 -07:00 committed by David S. Miller
parent dae5029548
commit 9ae27e0adb
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
net/ipv4/tcp_input.c
View File

@ -4925,8 +4925,7 @@ step5:
tcp_data_snd_check(sk);
tcp_ack_snd_check(sk);
if (tcp_defer_accept_check(sk))
return -1;
tcp_defer_accept_check(sk);
return 0;
csum_error: