From: Xin Long
Date: Sat, 17 Jun 2017 16:10:27 +0800
On Sat, Jun 17, 2017 at 04:10:27PM +0800, Xin Long wrote:
> Now before dumping a sock in sctp_diag, it only holds the sock while
> the ep may be already destroyed. It can cause a use-after-free panic
> when accessing ep->asocs.
>
> This patch is to set sctp_sk(sk)->ep NULL in sctp_endpoint_destroy
Now before dumping a sock in sctp_diag, it only holds the sock while
the ep may be already destroyed. It can cause a use-after-free panic
when accessing ep->asocs.
This patch is to set sctp_sk(sk)->ep NULL in sctp_endpoint_destroy,
and check if this ep is already destroyed before dumping this ep.
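The lifetime rule this message describes, as a single-threaded user-space model added here (it is not the kernel patch or code from this thread). The struct and function names are hypothetical stand-ins, and the model leaves out the locking that a concurrent dump and destroy would need to make the NULL check reliable.

```c
/* User-space model constructed for illustration; not kernel code. */
#include <stdlib.h>

struct sock;
struct assoc    { struct assoc *next; };
struct endpoint { struct assoc *asocs; struct sock *sk; };
struct sock     { struct endpoint *ep; };

/* Create an endpoint with n associations and attach it to sk. */
struct endpoint *endpoint_new(struct sock *sk, int n)
{
    struct endpoint *ep = calloc(1, sizeof(*ep));
    while (ep && n-- > 0) {
        struct assoc *a = calloc(1, sizeof(*a));
        if (!a)
            break;
        a->next = ep->asocs;
        ep->asocs = a;
    }
    if (ep) {
        ep->sk = sk;
        sk->ep = ep;
    }
    return ep;
}

/* Destroy path with the fix: clear sk->ep before freeing the endpoint. */
void endpoint_destroy(struct endpoint *ep)
{
    if (!ep)
        return;
    for (struct assoc *a = ep->asocs, *next; a; a = next) {
        next = a->next;
        free(a);
    }
    ep->sk->ep = NULL;  /* without this store, sk->ep dangles */
    free(ep);
}

/* Dump path: caller holds sk only. Returns asoc count, or -1 if ep is gone. */
int diag_dump_sock(struct sock *sk)
{
    int n = 0;
    if (!sk->ep)
        return -1;      /* endpoint already destroyed: skip this sock */
    for (struct assoc *a = sk->ep->asocs; a; a = a->next)
        n++;
    return n;
}
```

Deleting the `ep->sk->ep = NULL` store reproduces the reported pattern in the model: the dump path then walks `asocs` through freed memory, which AddressSanitizer reports as a heap-use-after-free.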