From: Basil Gunn <basil@pacabunga.com>
To: Joerg Reuter <jreuter@yaina.de>,
Ralf Baechle <ralf@linux-mips.org>,
"David S. Miller" <davem@davemloft.net>,
linux-hams@vger.kernel.org, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org
Cc: stable@vger.kernel.org, Jeremy McDermond <mcdermj@xenotropic.com>,
f6bvp <f6bvp@free.fr>
Subject: [PATCH 1/1] ax25: Fix segfault after sock connection timeout
Date: Sat, 14 Jan 2017 12:18:55 -0800 [thread overview]
Message-ID: <20170114121855.62254455@brox.localnet> (raw)
The ax.25 socket connection timed out & the sock struct has been
previously taken down ie. sock struct is now a NULL pointer. Checking
the sock_flag causes the segfault. Check if the socket struct pointer
is NULL before checking sock_flag. This segfault is seen in
timed out netrom connections.
Please submit to -stable.
Signed-off-by: Basil Gunn <basil@pacabunga.com>
---
diff --git a/net/ax25/ax25_subr.c b/net/ax25/ax25_subr.c
index 4855d18..038b109 100644
--- a/net/ax25/ax25_subr.c
+++ b/net/ax25/ax25_subr.c
@@ -264,7 +264,7 @@ void ax25_disconnect(ax25_cb *ax25, int reason)
{
ax25_clear_queues(ax25);
- if (!sock_flag(ax25->sk, SOCK_DESTROY))
+ if (!ax25->sk || !sock_flag(ax25->sk, SOCK_DESTROY))
ax25_stop_heartbeat(ax25);
ax25_stop_t1timer(ax25);
ax25_stop_t2timer(ax25);
next reply other threads:[~2017-01-14 20:18 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-14 20:18 Basil Gunn [this message]
2017-01-16 19:40 ` [PATCH 1/1] ax25: Fix segfault after sock connection timeout David Miller
[not found] ` <1a4ee351-031c-932e-0332-779ce33e90e6@trinnet.net>
[not found] ` <20170201080217.4d8443bb@brox.localnet>
[not found] ` <3e3f25fc-fc60-c01b-1139-245284200656@trinnet.net>
[not found] ` <39dad041-f224-735e-adb7-e0fb42771858@free.fr>
[not found] ` <25ee9245-3595-85f7-93b8-a18d6066a2e3@free.fr>
[not found] ` <07a1454e-99a2-8cec-d50a-006257687c2e@free.fr>
[not found] ` <12e0547b-cb2c-1ca0-abc0-d849d8a62139@trinnet.net>
[not found] ` <3d0e170e-3995-84d0-007e-3d2065296237@free.fr>
[not found] ` <9f9dba49-c2a5-41e8-9382-9154802e7fbf@trinnet.net>
[not found] ` <20170327163641.0f992e2d@brox.localnet>
[not found] ` <06ce7640-bbd6-dd5e-05d9-f1afcec680e5@free.fr>
[not found] ` <309904235.63498.1492029796017@ox-groupware.bfs.de>
[not found] ` <6bd2a0b4-12b0-0de0-7bc2-e911d3ab4446@free.fr>
[not found] ` <a4f993a0-b12a-f3e6-455c-16ea2da28737@trinnet.net>
[not found] ` <74b515a0-0de1-ebaf-a874-b55f2b682efe@free.fr>
[not found] ` <4188542e-1404-badc-cc8d-8bb07cb6d55a@free.fr>
[not found] ` <969c06f8-572b-db66-3ebb-1e02205461fa@trinnet.net>
[not found] ` <b20c7da4-66f5-0f6b-ac21-41ab075b9d69@free.fr>
[not found] ` <21e6f319-f0cf-276e-a374-d44c9bd8827e@free.fr>
2019-01-02 11:52 ` [ROSE] rose dereferenced pointer kernel panic Dmitry Vyukov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170114121855.62254455@brox.localnet \
--to=basil@pacabunga.com \
--cc=davem@davemloft.net \
--cc=f6bvp@free.fr \
--cc=jreuter@yaina.de \
--cc=linux-hams@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mcdermj@xenotropic.com \
--cc=netdev@vger.kernel.org \
--cc=ralf@linux-mips.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).