Pandora Sourcecodes - pandora-kernel.git/commit

git.openpandora.org / pandora-kernel.git / commit

author	Mohamed Ghannam <simo.ghannam@gmail.com>
	Tue, 5 Dec 2017 20:58:35 +0000 (20:58 +0000)
committer	Ben Hutchings <ben@decadent.org.uk>
	Mon, 1 Jan 2018 20:51:03 +0000 (20:51 +0000)
commit	e23d13a89d8ca5fe717d75248672e1b8bc4a3be8
tree	0d477f3ceb88759c733e21d462400bd9f853a92e	tree \| snapshot
parent	b3457d5470b1e82cf7a15e595577be493d07b7bf	commit \| diff

dccp: CVE-2017-8824: use-after-free in DCCP code

commit 69c64866ce072dea1d1e59a0d61e0f66c0dffb76 upstream.

Whenever the sock object is in DCCP_CLOSED state,
dccp_disconnect() must free dccps_hc_tx_ccid and
dccps_hc_rx_ccid and set to NULL.

Signed-off-by: Mohamed Ghannam <simo.ghannam@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

net/dccp/proto.c

diff | blob | history

Pandora Kernel Repository

RSS Atom