> I would be inclined to say that this is a hitherto undiscovered
> use-after-free bug.
Does the following fix it?
Cheers,
Trond
--- linux-2.5.69/net/sunrpc/svcsock.c.orig 2003-05-20 08:34:35.000000000 +0200
+++ linux-2.5.69/net/sunrpc/svcsock.c 2003-05-26 01:16:33.000000000 +0200
@@ -600,6 +600,7 @@
return 0;
}
local_bh_enable();
+ svsk->sk_sk->stamp = skb->stamp;
skb_free_datagram(svsk->sk_sk, skb);
} else {
/* we can use it in-place */
@@ -614,6 +615,7 @@
skb->ip_summed = CHECKSUM_UNNECESSARY;
}
rqstp->rq_skbuff = skb;
+ svsk->sk_sk->stamp = skb->stamp;
}
rqstp->rq_arg.page_base = 0;
@@ -629,7 +631,6 @@
serv->sv_stats->netudpcnt++;
/* One down, maybe more to go... */
- svsk->sk_sk->stamp = skb->stamp;
svc_sock_received(svsk);
return len;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/