[IPV6]: ipv6_fl_socklist is inadvertently shared.
author Masayuki Nakagawa <nakagawa.msy@ncos.nec.co.jp>
Fri, 16 Mar 2007 23:14:03 +0000 (16:14 -0700)
committer David S. Miller <davem@davemloft.net>
Fri, 16 Mar 2007 23:14:03 +0000 (16:14 -0700)
The ipv6_fl_socklist from the listening socket is inadvertently shared
with the new socket created for the connection.  This leads to a variety of
interesting, but fatal, bugs. For example, removing one of the
sockets may lead to the other socket's encountering a page fault
when the now-freed list is referenced.

The fix is to not share the flow label list with the new socket.

Signed-off-by: Masayuki Nakagawa <nakagawa.msy@ncos.nec.co.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv6/tcp_ipv6.c

index f57a9baa6b272417af7c1f705b44ae605891f70a..92f99927d12d668a41b804dda43c20b17ec82b6a 100644 (file)
@@ -1453,6 +1453,7 @@ static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
           First: no IPv4 options.
         */
        newinet->opt = NULL;
+       newnp->ipv6_fl_list = NULL;
 
        /* Clone RX bits */
        newnp->rxopt.all = np->rxopt.all;
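
Review bot: the added `newnp->ipv6_fl_list = NULL;` has no comment of its own and lands directly under the block comment that ends "First: no IPv4 options.", so a later reader gets no hint why the child socket's flow label list is cleared. A one-line comment saying the list belongs to the listening socket and must not be inherited by the new socket would keep the reset from being dropped as redundant. The commit message also names the field ipv6_fl_socklist while this line clears ipv6_fl_list; using the name from the code in the subject would make the fix findable by grep. Since the bug is a pointer carried over from the listener into the new socket, it is also worth confirming that no other path that builds a child socket from a listener's IPv6 state leaves ipv6_fl_list set.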