From: Greg Kroah-Hartman Date: Fri, 8 May 2015 11:57:18 +0000 (+0200) Subject: 3.14-stable patches X-Git-Tag: v3.19.8~13 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f1c212dc161622b4e6f0b26f73e5d2c68d5e62fd;p=thirdparty%2Fkernel%2Fstable-queue.git 3.14-stable patches added patches: ipv4-missing-sk_nulls_node_init-in-ping_unhash.patch --- diff --git a/queue-3.14/ipv4-missing-sk_nulls_node_init-in-ping_unhash.patch b/queue-3.14/ipv4-missing-sk_nulls_node_init-in-ping_unhash.patch new file mode 100644 index 00000000000..87ae931d29a --- /dev/null +++ b/queue-3.14/ipv4-missing-sk_nulls_node_init-in-ping_unhash.patch @@ -0,0 +1,32 @@ +From foo@baz Fri May 8 13:15:54 CEST 2015 +From: "David S. Miller" +Date: Fri, 1 May 2015 22:02:47 -0400 +Subject: [PATCH] ipv4: Missing sk_nulls_node_init() in ping_unhash(). + +From: "David S. Miller" + +[ Upstream commit a134f083e79fb4c3d0a925691e732c56911b4326 ] + +If we don't do that, then the poison value is left in the ->pprev +backlink. + +This can cause crashes if we do a disconnect, followed by a connect(). + +Tested-by: Linus Torvalds +Reported-by: Wen Xu +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv4/ping.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/net/ipv4/ping.c ++++ b/net/ipv4/ping.c +@@ -158,6 +158,7 @@ void ping_unhash(struct sock *sk) + if (sk_hashed(sk)) { + write_lock_bh(&ping_table.lock); + hlist_nulls_del(&sk->sk_nulls_node); ++ sk_nulls_node_init(&sk->sk_nulls_node); + sock_put(sk); + isk->inet_num = 0; + isk->inet_sport = 0;
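Review bot: the added sk_nulls_node_init(&sk->sk_nulls_node) line in ping_unhash() carries no comment, so the reason for it lives only in the commit message. Per that message, hlist_nulls_del() leaves the poison value in the ->pprev backlink, and a disconnect followed by connect() can then crash. A one-line comment above the new call saying that it resets the node so the socket can be hashed again after a disconnect would keep it from later being dropped as redundant. The message body's "If we don't do that" also depends on the subject line for its referent. Naming sk_nulls_node_init() in the body would let the text stand on its own when the subject is not shown.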