summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMasayuki Nakagawa <nakagawa.msy@ncos.nec.co.jp>2007-03-16 16:14:03 -0700
committerDavid S. Miller <davem@davemloft.net>2007-03-16 16:14:03 -0700
commitd35690beda1429544d46c8eb34b2e3a8c37ab299 (patch)
treea9f87fa226d8f687c0072409ccb3c7ff0d60698d
parent53cdcc04c1e85d4e423b2822b66149b6f2e52c2c (diff)
[IPV6]: ipv6_fl_socklist is inadvertently shared.
The ipv6_fl_socklist from listening socket is inadvertently shared with new socket created for connection. This leads to a variety of interesting, but fatal, bugs. For example, removing one of the sockets may lead to the other socket's encountering a page fault when the now freed list is referenced. The fix is to not share the flow label list with the new socket. Signed-off-by: Masayuki Nakagawa <nakagawa.msy@ncos.nec.co.jp> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/ipv6/tcp_ipv6.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index f57a9baa6b27..92f99927d12d 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1453,6 +1453,7 @@ static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
First: no IPv4 options.
*/
newinet->opt = NULL;
+ newnp->ipv6_fl_list = NULL;
/* Clone RX bits */
newnp->rxopt.all = np->rxopt.all;