Re: [PATCH net] sctp: fix an use-after-free issue in sctp_sock_dump

From: Xin Long Date: Fri, 15 Sep 2017 11:02:21 +0800 > Commit 86fdb3448cc1 ("sctp: ensure ep is not destroyed before doing the > dump") tried to fix an use-after-free issue by checking !sctp_sk(sk)->ep > with holding sock and sock lock. > > But Paolo noticed that endpoint could be destroyed in s

Re: [PATCH net] sctp: fix an use-after-free issue in sctp_sock_dump

On Fri, Sep 15, 2017 at 11:02:21AM +0800, Xin Long wrote: > Commit 86fdb3448cc1 ("sctp: ensure ep is not destroyed before doing the > dump") tried to fix an use-after-free issue by checking !sctp_sk(sk)->ep > with holding sock and sock lock. > > But Paolo noticed that endpoint could be destroyed i

Re: [PATCH net] sctp: fix an use-after-free issue in sctp_sock_dump

On Fri, Sep 15, 2017 at 11:02:21AM +0800, Xin Long wrote: > Commit 86fdb3448cc1 ("sctp: ensure ep is not destroyed before doing the > dump") tried to fix an use-after-free issue by checking !sctp_sk(sk)->ep > with holding sock and sock lock. > > But Paolo noticed that endpoint could be destroyed i

[PATCH net] sctp: fix an use-after-free issue in sctp_sock_dump

Commit 86fdb3448cc1 ("sctp: ensure ep is not destroyed before doing the dump") tried to fix an use-after-free issue by checking !sctp_sk(sk)->ep with holding sock and sock lock. But Paolo noticed that endpoint could be destroyed in sctp_rcv without sock lock protection. It means the use-after-free