提交 a383292c 编写于 作者: H Herbert Xu

crypto: af_alg - Fix socket double-free when accept fails

When we fail an accept(2) call we will end up freeing the socket
twice, once due to the direct sk_free call and once again through
newsock.

This patch fixes this by removing the sk_free call.

Cc: stable@vger.kernel.org
Reported-by: NDmitry Vyukov <dvyukov@google.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
上级 c840ac6a
...@@ -285,10 +285,8 @@ int af_alg_accept(struct sock *sk, struct socket *newsock) ...@@ -285,10 +285,8 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
security_sk_clone(sk, sk2); security_sk_clone(sk, sk2);
err = type->accept(ask->private, sk2); err = type->accept(ask->private, sk2);
if (err) { if (err)
sk_free(sk2);
goto unlock; goto unlock;
}
sk2->sk_family = PF_ALG; sk2->sk_family = PF_ALG;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册