@@ -1550,6 +1550,7 @@ struct sk_buff *sock_rmalloc(struct sock *sk, unsigned long size, int force,
void sock_wfree(struct sk_buff *skb);
void skb_orphan_partial(struct sk_buff *skb);
void sock_rfree(struct sk_buff *skb);
+void sock_efree(struct sk_buff *skb);
void sock_edemux(struct sk_buff *skb);
int sock_setsockopt(struct socket *sock, int level, int op,
@@ -1676,6 +1676,12 @@ void sock_rfree(struct sk_buff *skb)
}
EXPORT_SYMBOL(sock_rfree);
+void sock_efree(struct sk_buff *skb)
+{
+ sock_put(skb->sk);
+}
+EXPORT_SYMBOL(sock_efree);
+
void sock_edemux(struct sk_buff *skb)
{
struct sock *sk = skb->sk;
CVE-2017-6345 Instead of importing sock_efree() i could have used sock_edemux() since the two behave similarly, except when the passed socket is a TCP socket in the TCP_TIME_WAIT state. But since the TCP states are represented using an enum and the field sk_state is reused by every protocol, i preferred to avoid introducing a subtle mistake and use the original sock_efree() function. (partially backported from commit 62bccb8cdb69051b95a55ab0c489e3cab261c8ef) Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com> --- include/net/sock.h | 1 + net/core/sock.c | 6 ++++++ 2 files changed, 7 insertions(+)