evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/net/dccp
History
Mohamed Ghannam 3196c1515e dccp: CVE-2017-8824: use-after-free in DCCP code 
commit 69c64866ce072dea1d1e59a0d61e0f66c0dffb76 upstream.

Whenever the sock object is in DCCP_CLOSED state,
dccp_disconnect() must free dccps_hc_tx_ccid and
dccps_hc_rx_ccid and set to NULL.

Signed-off-by: Mohamed Ghannam <simo.ghannam@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-16 20:09:40 +01:00
..
ccids dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state 2018-01-31 12:06:12 +01:00
ackvec.c dccp: drop null test before destroy functions 2015-09-15 16:49:43 -07:00
ackvec.h
ccid.c dccp: drop null test before destroy functions 2015-09-15 16:49:43 -07:00
ccid.h
dccp.h tcp/dccp: fix hashdance race for passive sessions 2015-10-23 05:42:21 -07:00
diag.c sock_diag: specify info_size per inet protocol 2015-06-15 19:49:22 -07:00
feat.c dccp: fix a memleak for dccp_feat_init err process 2017-08-11 09:08:54 -07:00
feat.h
input.c dccp: fix freeing skb too early for IPV6_RECVPKTINFO 2017-02-26 11:07:50 +01:00
ipv4.c tcp/dccp: fix other lockdep splats accessing ireq_opt 2017-11-18 11:11:07 +01:00
ipv6.c dccp: fix a memleak that dccp_ipv6 doesn't put reqsk properly 2017-08-11 09:08:54 -07:00
ipv6.h
Kconfig
Makefile
minisocks.c dccp: fix use-after-free in dccp_feat_activate_values 2017-03-22 12:04:15 +01:00
options.c
output.c dccp: constify dccp_make_response() socket argument 2015-09-25 13:00:39 -07:00
probe.c Use 64-bit timekeeping 2015-11-01 17:01:16 -05:00
proto.c dccp: CVE-2017-8824: use-after-free in DCCP code 2018-02-16 20:09:40 +01:00
qpolicy.c
sysctl.c
timer.c inet: get rid of central tcp/dccp listener timer 2015-03-20 12:40:25 -04:00