diff mbox series

[2/2] UBUNTU: SAUCE: import sock_efree()

Message ID 1532421650-17137-3-git-send-email-paolo.pisati@canonical.com
State New
Headers show
Series Fix for CVE-2017-6345 | expand

Commit Message

Paolo Pisati July 24, 2018, 8:40 a.m. UTC 
CVE-2017-6345

Instead of importing sock_efree() i could have used sock_edemux() since the two
behave similarly, except when the passed socket is a TCP socket in the
TCP_TIME_WAIT state. But since the TCP states are represented using an enum and
the field sk_state is reused by every protocol, i preferred to avoid introducing
a subtle mistake and use the original sock_efree() function.

(partially backported from commit 62bccb8cdb69051b95a55ab0c489e3cab261c8ef)

Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
---
 include/net/sock.h | 1 +
 net/core/sock.c    | 6 ++++++
 2 files changed, 7 insertions(+)
diff mbox series

Patch

diff --git a/include/net/sock.h b/include/net/sock.h
index db6e0ee..124e683 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -1550,6 +1550,7 @@  struct sk_buff *sock_rmalloc(struct sock *sk, unsigned long size, int force,
 void sock_wfree(struct sk_buff *skb);
 void skb_orphan_partial(struct sk_buff *skb);
 void sock_rfree(struct sk_buff *skb);
+void sock_efree(struct sk_buff *skb);
 void sock_edemux(struct sk_buff *skb);
 
 int sock_setsockopt(struct socket *sock, int level, int op,
diff --git a/net/core/sock.c b/net/core/sock.c
index d387778..a2702d5 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -1676,6 +1676,12 @@  void sock_rfree(struct sk_buff *skb)
 }
 EXPORT_SYMBOL(sock_rfree);
 
+void sock_efree(struct sk_buff *skb)
+{
+       sock_put(skb->sk);
+}
+EXPORT_SYMBOL(sock_efree);
+
 void sock_edemux(struct sk_buff *skb)
 {
 	struct sock *sk = skb->sk;