[NETLINK]: Fix use-after-free in netlink_recvmsg
The skb given to netlink_cmsg_recv_pktinfo is already freed, move it up
a few lines.
Coverity #948
Signed-off-by: Patrick McHardy <[EMAIL PROTECTED]>
---
commit 6e745f19b2d9704b08cc5a3d9476b252bf86b46f
tree 20b4276a4a7ffdaf8b4ec4d52e1fa35aa34d850f
parent 901a2a6eb676baea9392e47f16f7e0a0219b7ba5
author Patrick McHardy <[EMAIL PROTECTED]> Mon, 13 Mar 2006 00:06:57 +0100
committer Patrick McHardy <[EMAIL PROTECTED]> Mon, 13 Mar 2006 00:06:57 +0100
net/netlink/af_netlink.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 6b9772d..59dc7d1 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1194,6 +1194,9 @@ static int netlink_recvmsg(struct kiocb
msg->msg_namelen = sizeof(*addr);
}
+ if (nlk->flags & NETLINK_RECV_PKTINFO)
+ netlink_cmsg_recv_pktinfo(msg, skb);
+
if (NULL == siocb->scm) {
memset(&scm, 0, sizeof(scm));
siocb->scm = &scm;
@@ -1205,8 +1208,6 @@ static int netlink_recvmsg(struct kiocb
netlink_dump(sk);
scm_recv(sock, msg, siocb->scm, flags);
- if (nlk->flags & NETLINK_RECV_PKTINFO)
- netlink_cmsg_recv_pktinfo(msg, skb);
out:
netlink_rcv_wake(sk);
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
