[PATCH 4.4 11/20] ax25: Fix segfault after sock connection timeout

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Basil Gunn <basil@pacabunga.com>,
	"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.4 11/20] ax25: Fix segfault after sock connection timeout
Date: Thu,  2 Feb 2017 19:33:44 +0100	[thread overview]
Message-ID: <20170202183309.509959381@linuxfoundation.org> (raw)
In-Reply-To: <20170202183308.733256820@linuxfoundation.org>

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Basil Gunn <basil@pacabunga.com>


[ Upstream commit 8a367e74c0120ef68c8c70d5a025648c96626dff ]

The ax.25 socket connection timed out & the sock struct has been
previously taken down ie. sock struct is now a NULL pointer. Checking
the sock_flag causes the segfault.  Check if the socket struct pointer
is NULL before checking sock_flag. This segfault is seen in
timed out netrom connections.

Please submit to -stable.

Signed-off-by: Basil Gunn <basil@pacabunga.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ax25/ax25_subr.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/ax25/ax25_subr.c
+++ b/net/ax25/ax25_subr.c
@@ -264,7 +264,7 @@ void ax25_disconnect(ax25_cb *ax25, int
 {
 	ax25_clear_queues(ax25);
 
-	if (!sock_flag(ax25->sk, SOCK_DESTROY))
+	if (!ax25->sk || !sock_flag(ax25->sk, SOCK_DESTROY))
 		ax25_stop_heartbeat(ax25);
 	ax25_stop_t1timer(ax25);
 	ax25_stop_t2timer(ax25);

next prev parent reply	other threads:[~2017-02-02 18:34 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-02-02 18:33 [PATCH 4.4 00/20] 4.4.47-stable review Greg Kroah-Hartman
2017-02-02 18:33 ` [PATCH 4.4 01/20] r8152: fix the sw rx checksum is unavailable Greg Kroah-Hartman
2017-02-02 18:33 ` [PATCH 4.4 02/20] mlxsw: spectrum: Fix memory leak at skb reallocation Greg Kroah-Hartman
2017-02-02 18:33 ` [PATCH 4.4 03/20] mlxsw: switchx2: " Greg Kroah-Hartman
2017-02-02 18:33 ` [PATCH 4.4 04/20] mlxsw: pci: Fix EQE structure definition Greg Kroah-Hartman
2017-02-02 18:33 ` [PATCH 4.4 05/20] net: lwtunnel: Handle lwtunnel_fill_encap failure Greg Kroah-Hartman
2017-02-02 18:33 ` [PATCH 4.4 06/20] net: ipv4: fix table id in getroute response Greg Kroah-Hartman
2017-02-02 18:33 ` [PATCH 4.4 07/20] net: systemport: Decouple flow control from __bcm_sysport_tx_reclaim Greg Kroah-Hartman
2017-02-02 18:33 ` [PATCH 4.4 08/20] tcp: fix tcp_fastopen unaligned access complaints on sparc Greg Kroah-Hartman
2017-02-02 18:33 ` [PATCH 4.4 09/20] openvswitch: maintain correct checksum state in conntrack actions Greg Kroah-Hartman
2017-02-02 18:33 ` [PATCH 4.4 10/20] ravb: do not use zero-length alignment DMA descriptor Greg Kroah-Hartman
2017-02-02 18:33 ` Greg Kroah-Hartman [this message]
2017-02-02 18:33 ` [PATCH 4.4 12/20] net: fix harmonize_features() vs NETIF_F_HIGHDMA Greg Kroah-Hartman
2017-02-02 18:33 ` [PATCH 4.4 13/20] net: phy: bcm63xx: Utilize correct config_intr function Greg Kroah-Hartman
2017-02-02 18:33 ` [PATCH 4.4 14/20] ipv6: addrconf: Avoid addrconf_disable_change() using RCU read-side lock Greg Kroah-Hartman
2017-02-02 18:33 ` [PATCH 4.4 15/20] tcp: initialize max window for a new fastopen socket Greg Kroah-Hartman
2017-02-02 18:33 ` [PATCH 4.4 16/20] bridge: netlink: call br_changelink() during br_dev_newlink() Greg Kroah-Hartman
2017-02-02 18:33 ` [PATCH 4.4 17/20] r8152: dont execute runtime suspend if the tx is not empty Greg Kroah-Hartman
2017-02-02 18:33 ` [PATCH 4.4 18/20] af_unix: move unix_mknod() out of bindlock Greg Kroah-Hartman
2017-02-02 18:33 ` [PATCH 4.4 20/20] net: dsa: Bring back device detaching in dsa_slave_suspend() Greg Kroah-Hartman
2017-02-02 20:34 ` [PATCH 4.4 00/20] 4.4.47-stable review Shuah Khan
2017-02-03  5:13 ` Guenter Roeck

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170202183309.509959381@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=basil@pacabunga.com \
    --cc=davem@davemloft.net \
    --cc=linux-kernel@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.