On 14.12.2015 23:58, Cong Wang wrote: > On Mon, Dec 14, 2015 at 2:45 PM, Hannes Frederic Sowa > <han...@stressinduktion.org> wrote: >> diff --git a/drivers/net/ppp/pptp.c b/drivers/net/ppp/pptp.c >> index fc69e41d09506e..f9ffdf070ad807 100644 >> --- a/drivers/net/ppp/pptp.c >> +++ b/drivers/net/ppp/pptp.c >> @@ -419,6 +419,9 @@ static int pptp_bind(struct socket *sock, struct >> sockaddr *uservaddr, >> struct pptp_opt *opt = &po->proto.pptp; >> int error = 0; >> >> + if (sockaddr_len < sizeof(*sp)) >> + return -EINVAL; >> + > > I sent a very similar patch: > https://patchwork.ozlabs.org/patch/556663/
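Review bot: the sockaddr_len < sizeof(*sp) check at the top of pptp_bind() covers only the bind path, and nothing in this hunk adds the matching check to connect(), which the reply below says is queued separately; the two should land together so that neither entry point reads past a short user-supplied sockaddr. The declaration of sp lies outside the visible context, so confirm it is the pointer derived from uservaddr and that sizeof(*sp) is therefore the size of the structure actually dereferenced. The changelog should also say that this is an input-length fix only and does not address the use-after-free discussed in the thread.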
Ah, thanks. Did not notice.

The connect() part is also already in my queue, but I don't think it solves the use-after-free. The RCU implementation of callid_sock seems broken to me.

David, discard my patch.

Thanks,
Hannes