tcp: fix potential double free issue for fastopen_req - wireguard-linux

diff options

author	Wei Wang <weiwan@google.com>	2017-03-01 13:29:48 -0800
committer	David S. Miller <davem@davemloft.net>	2017-03-02 14:05:41 -0800
commit	7db92362d2fee5887f6b0c41653b8c9f8f5d6020 (patch)
tree	4d1b45575d0b490061671c4dddaa32f795013e59 /tools/perf/scripts/python/stat-cpi.py
parent	net: Introduce sk_clone_lock() error path routine (diff)
download	wireguard-linux-7db92362d2fee5887f6b0c41653b8c9f8f5d6020.tar.xz wireguard-linux-7db92362d2fee5887f6b0c41653b8c9f8f5d6020.zip

tcp: fix potential double free issue for fastopen_req

tp->fastopen_req could potentially be double freed if a malicious user does the following: 1. Enable TCP_FASTOPEN_CONNECT sockopt and do a connect() on the socket. 2. Call connect() with AF_UNSPEC to disconnect the socket. 3. Make this socket a listening socket by calling listen(). 4. Accept incoming connections and generate child sockets. All child sockets will get a copy of the pointer of fastopen_req. 5. Call close() on all sockets. fastopen_req will get freed multiple times. Fixes: 19f6d3f3c842 ("net/tcp-fastopen: Add new API support") Reported-by: Andrey Konovalov <andreyknvl@google.com> Signed-off-by: Wei Wang <weiwan@google.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>

Diffstat (limited to 'tools/perf/scripts/python/stat-cpi.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: