From: Tony Battersby <tonyb@cybernetics.com>
Date: Tue, 23 Oct 2007 10:10:10 +0000 (-0700)
Subject: Fix kernel_accept() return handling.
X-Git-Tag: v2.6.23.4~17
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cfebbe5fa7f4a2ec9f3b9edd56b877dc5c06f6a0;p=thirdparty%2Fkernel%2Fstable.git

Fix kernel_accept() return handling.

patch fa8705b00aeca19d91a1437b8a5cf865999b28f6 in mainline.

[NET]: sanitize kernel_accept() error path

If kernel_accept() returns an error, it may pass back a pointer to
freed memory (which the caller should ignore).  Make it pass back NULL
instead for better safety.

Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---

diff --git a/net/socket.c b/net/socket.c
index b09eb9036a17a..a0575243ef7ab 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -2230,6 +2230,7 @@ int kernel_accept(struct socket *sock, struct socket **newsock, int flags)
 	err = sock->ops->accept(sock, *newsock, flags);
 	if (err < 0) {
 		sock_release(*newsock);
+		*newsock = NULL;
 		goto done;
 	}