    ipv6: Fix NULL pointer dereference with time-wait sockets · 499923c7
    Vlad Yasevich committed on
    Commit b2f5e7cd
    (ipv6: Fix conflict resolutions during ipv6 binding)
    introduced a regression where time-wait sockets were
    not treated correctly.  This resulted in the following:
    
    BUG: unable to handle kernel NULL pointer dereference at 0000000000000062
    IP: [<ffffffff805d7d61>] ipv4_rcv_saddr_equal+0x61/0x70
    ...
    Call Trace:
    [<ffffffffa033847b>] ipv6_rcv_saddr_equal+0x1bb/0x250 [ipv6]
    [<ffffffffa03505a8>] inet6_csk_bind_conflict+0x88/0xd0 [ipv6]
    [<ffffffff805bb18e>] inet_csk_get_port+0x1ee/0x400
    [<ffffffffa0319b7f>] inet6_bind+0x1cf/0x3a0 [ipv6]
    [<ffffffff8056d17c>] ? sockfd_lookup_light+0x3c/0xd0
    [<ffffffff8056ed49>] sys_bind+0x89/0x100
    [<ffffffff80613ea2>] ? trace_hardirqs_on_thunk+0x3a/0x3c
    [<ffffffff8020bf9b>] system_call_fastpath+0x16/0x1b
    Tested-by: Brian Haley <brian.haley@hp.com>
    Tested-by: Ed Tomlinson <edt@aei.ca>
    Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
udp.c 28.2 KB