ipv4: Missing sk_nulls_node_init() in ping_unhash().

commit a134f083e79fb4c3d0a925691e732c56911b4326 upstream. If we don't do that, then the poison value is left in the ->pprev backlink. This can cause crashes if we do a disconnect, followed by a connect(). Tested-by: Linus Torvalds <torvalds@linux-foundation.org> Reported-by: Wen Xu <hotdog3645@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
author: David S. Miller <davem@davemloft.net> 2015-05-01 22:02:47 -0400
committer: Ben Hutchings <ben@decadent.org.uk> 2015-05-09 23:16:36 +0100
commit: d3df672020a93355bc8f683fc19694e0316381ab (patch)
tree: aad607c9e831ac644841430e7b642c72e36c8056 /net/ipv4
parent: 470e517be17dd6ef8670bec7bd7831ea0d3ad8a6 (diff)
download: kernel_samsung_smdk4412-d3df672020a93355bc8f683fc19694e0316381ab.zip
kernel_samsung_smdk4412-d3df672020a93355bc8f683fc19694e0316381ab.tar.gz
kernel_samsung_smdk4412-d3df672020a93355bc8f683fc19694e0316381ab.tar.bz2
1 files changed, 1 insertions, 0 deletions
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
index d495d4b..6d62262 100644
--- a/net/ipv4/ping.c
+++ b/net/ipv4/ping.c
@@ -139,6 +139,7 @@ static void ping_v4_unhash(struct sock *sk)
 	if (sk_hashed(sk)) {
 		write_lock_bh(&ping_table.lock);
 		hlist_nulls_del(&sk->sk_nulls_node);
+		sk_nulls_node_init(&sk->sk_nulls_node);
 		sock_put(sk);
 		isk->inet_num = isk->inet_sport = 0;
 		sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
author	David S. Miller <davem@davemloft.net>	2015-05-01 22:02:47 -0400
committer	Ben Hutchings <ben@decadent.org.uk>	2015-05-09 23:16:36 +0100
commit	d3df672020a93355bc8f683fc19694e0316381ab (patch)
tree	aad607c9e831ac644841430e7b642c72e36c8056 /net/ipv4
parent	470e517be17dd6ef8670bec7bd7831ea0d3ad8a6 (diff)
download	kernel_samsung_smdk4412-d3df672020a93355bc8f683fc19694e0316381ab.zip kernel_samsung_smdk4412-d3df672020a93355bc8f683fc19694e0316381ab.tar.gz kernel_samsung_smdk4412-d3df672020a93355bc8f683fc19694e0316381ab.tar.bz2