summaryrefslogtreecommitdiffstats
path: root/net/ipv6/raw.c
diff options
context:
space:
mode:
authorDenis V. Lunev <den@openvz.org>2008-06-04 15:16:12 -0700
committerDavid S. Miller <davem@davemloft.net>2008-06-04 15:16:12 -0700
commit22dd485022f3d0b162ceb5e67d85de7c3806aa20 (patch)
treeb96ff526ef0e7fe161eecdaa9edf999e3c3a4791 /net/ipv6/raw.c
parent199f7d24ae59894243687a234a909f44a8724506 (diff)
downloadlinux-stable-22dd485022f3d0b162ceb5e67d85de7c3806aa20.tar.gz
linux-stable-22dd485022f3d0b162ceb5e67d85de7c3806aa20.tar.bz2
linux-stable-22dd485022f3d0b162ceb5e67d85de7c3806aa20.zip
raw: Raw socket leak.
The program below just leaks the raw kernel socket int main() { int fd = socket(PF_INET, SOCK_RAW, IPPROTO_UDP); struct sockaddr_in addr; memset(&addr, 0, sizeof(addr)); inet_aton("127.0.0.1", &addr.sin_addr); addr.sin_family = AF_INET; addr.sin_port = htons(2048); sendto(fd, "a", 1, MSG_MORE, &addr, sizeof(addr)); return 0; } Corked packet is allocated via sock_wmalloc which holds the owner socket, so one should uncork it and flush all pending data on close. Do this in the same way as in UDP. Signed-off-by: Denis V. Lunev <den@openvz.org> Acked-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6/raw.c')
-rw-r--r--net/ipv6/raw.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index 603df76e0522..8fee9a15b2d3 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -1164,6 +1164,14 @@ static void rawv6_close(struct sock *sk, long timeout)
sk_common_release(sk);
}
+static int raw6_destroy(struct sock *sk)
+{
+ lock_sock(sk);
+ ip6_flush_pending_frames(sk);
+ release_sock(sk);
+ return 0;
+}
+
static int rawv6_init_sk(struct sock *sk)
{
struct raw6_sock *rp = raw6_sk(sk);
@@ -1187,6 +1195,7 @@ struct proto rawv6_prot = {
.name = "RAWv6",
.owner = THIS_MODULE,
.close = rawv6_close,
+ .destroy = raw6_destroy,
.connect = ip6_datagram_connect,
.disconnect = udp_disconnect,
.ioctl = rawv6_ioctl,