aboutsummaryrefslogtreecommitdiff
path: root/net/tipc
diff options
context:
space:
mode:
authorSasha Levin2015-01-13 12:46:41 -0500
committerDavid S. Miller2015-01-13 17:26:27 -0500
commit357c4774b5b08878d980847f496af38869e7aad0 (patch)
tree52cd1f70e80d3a03671539a8795a8d2201915ae5 /net/tipc
parent86cfeab6b510a2fe94683bf71f9b96b686e2e0ce (diff)
tipc: correctly handle releasing a not fully initialized sock
Commit f2f9800d4955 "tipc: make tipc node table aware of net namespace" has added a dereference of sock->sk before making sure it's not NULL, which makes releasing a tipc socket NULL pointer dereference for sockets that are not fully initialized. Signed-off-by: Sasha Levin <sasha.levin@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/tipc')
-rw-r--r--net/tipc/socket.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index c9c34a667921..720fda6cc2e6 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -470,8 +470,8 @@ static void tipc_sk_callback(struct rcu_head *head)
static int tipc_release(struct socket *sock)
{
struct sock *sk = sock->sk;
- struct net *net = sock_net(sk);
- struct tipc_net *tn = net_generic(net, tipc_net_id);
+ struct net *net;
+ struct tipc_net *tn;
struct tipc_sock *tsk;
struct sk_buff *skb;
u32 dnode, probing_state;
@@ -483,6 +483,9 @@ static int tipc_release(struct socket *sock)
if (sk == NULL)
return 0;
+ net = sock_net(sk);
+ tn = net_generic(net, tipc_net_id);
+
tsk = tipc_sk(sk);
lock_sock(sk);