Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

tcp_ipv6: fix use of uninitialized memory

inet6_rsk() is called on a struct request_sock * before we
have checked whether the socket is an ipv6 socket or an ipv6-
mapped ipv4 socket. The access that triggers this is the
inet_rsk(rsk)->inet6_rsk_offset dereference in inet6_rsk().

This is arguably not a critical error as the inet6_rsk_offset
is only used to compute a pointer which is never really used
(in the code path in question) anyway. But it might be a
latent error, so let's fix it.

Spotted by kmemcheck.

Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
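The ordering problem the message describes, as an added, constructed model that is not kernel code: a request object comes out of the allocator filled with slab poison, only the IPv6 path ever writes the `inet6_rsk_offset` field, and a helper modelled on inet6_rsk() computes a pointer from that field. The "before" routine calls the helper in the declaration initializer, ahead of the family check; the "after" routine defers it past the early return, as the commit does. Every name with a `model_` prefix, the poison byte, the family constants and the poison-pattern counter standing in for kmemcheck are this example's assumptions, not the kernel's identifiers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model; all model_* names are assumptions for this example. */
#define MODEL_AF_INET   2
#define MODEL_AF_INET6  10
#define MODEL_POISON    0x6b   /* slab-style poison byte left in unwritten fields */

struct model_inet_request_sock {
    int      family;            /* which path built this request */
    uint16_t inet6_rsk_offset;  /* written by the IPv6 path only */
};

struct model_inet6_request_sock {
    uint8_t body[16];
};

/* The request and the IPv6-specific part that follows it in one object. */
struct model_request_storage {
    struct model_inet_request_sock  req;
    struct model_inet6_request_sock v6;
};

/* Counts reads of inet6_rsk_offset that still hold the poison pattern,
 * i.e. the field was never initialized. Stands in for kmemcheck here. */
static int model_uninit_reads;

static struct model_inet6_request_sock *
model_inet6_rsk(struct model_inet_request_sock *req)
{
    uint16_t off = req->inet6_rsk_offset;
    if (off == 0x6b6b)
        model_uninit_reads++;
    /* Pointer is computed from the offset even when it is garbage; the
     * v4-mapped caller never dereferences it, matching the commit message. */
    return (struct model_inet6_request_sock *)((uintptr_t)req + off);
}

/* A freshly allocated request: poisoned, family set, offset only on v6. */
static void model_alloc(struct model_request_storage *s, int family)
{
    memset(s, MODEL_POISON, sizeof *s);
    s->req.family = family;
    if (family == MODEL_AF_INET6)
        s->req.inet6_rsk_offset = offsetof(struct model_request_storage, v6);
}

/* Ordering before the commit: inet6_rsk() runs in the initializer, before
 * the family check. Returns 1 when the IPv6 path is taken, 0 for v4-mapped. */
static int model_syn_recv_before(struct model_inet_request_sock *req)
{
    struct model_inet6_request_sock *treq = model_inet6_rsk(req);

    if (req->family == MODEL_AF_INET)   /* v4-mapped: treq is dead here */
        return 0;
    memset(treq, 0, sizeof *treq);      /* v6 path actually uses treq */
    return 1;
}

/* Ordering after the commit: the call is deferred past the early return. */
static int model_syn_recv_after(struct model_inet_request_sock *req)
{
    struct model_inet6_request_sock *treq;

    if (req->family == MODEL_AF_INET)
        return 0;
    treq = model_inet6_rsk(req);
    memset(treq, 0, sizeof *treq);
    return 1;
}

/* Run one ordering on a fresh request of the given family and report how
 * many reads of the uninitialized offset it caused. */
int model_count_uninit_reads(int (*fn)(struct model_inet_request_sock *),
                             int family)
{
    struct model_request_storage s;

    model_alloc(&s, family);
    model_uninit_reads = 0;
    fn(&s.req);
    return model_uninit_reads;
}

int main(void)
{
    printf("before, v4-mapped: %d uninitialized read(s)\n",
           model_count_uninit_reads(model_syn_recv_before, MODEL_AF_INET));
    printf("after,  v4-mapped: %d uninitialized read(s)\n",
           model_count_uninit_reads(model_syn_recv_after, MODEL_AF_INET));
    printf("before, v6:        %d uninitialized read(s)\n",
           model_count_uninit_reads(model_syn_recv_before, MODEL_AF_INET6));
    return 0;
}
```

The v6 request reports no poisoned read under either ordering, which is why the bug only surfaces on the v4-mapped path and only under a tool such as kmemcheck that tracks initialization rather than crashes.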

Authored by Vegard Nossum, committed by David S. Miller
78d15e82 f262b59b

+2 -1
net/ipv6/tcp_ipv6.c
··· 1286 1286 struct request_sock *req, 1287 1287 struct dst_entry *dst) 1288 1288 { 1289 - struct inet6_request_sock *treq = inet6_rsk(req); 1289 + struct inet6_request_sock *treq; 1290 1290 struct ipv6_pinfo *newnp, *np = inet6_sk(sk); 1291 1291 struct tcp6_sock *newtcp6sk; 1292 1292 struct inet_sock *newinet; ··· 1350 1350 return newsk; 1351 1351 } 1352 1352 1353 + treq = inet6_rsk(req); 1353 1354 opt = np->opt; 1354 1355 1355 1356 if (sk_acceptq_is_full(sk))
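Review bot: the deferred assignment `treq = inet6_rsk(req);` at the new line 1353 carries no comment saying why it must stay after the `return newsk;` at line 1350, so a later cleanup could hoist it back into the declaration at line 1289 and reintroduce the uninitialized inet6_rsk_offset read; add a one-line comment above it, for example `/* only valid for IPv6 requests: inet6_rsk_offset is unset on v4-mapped sockets */`. Also confirm that nothing in the elided v4-mapped branch between line 1289 and line 1350 references treq, since the variable is now uninitialized throughout that branch.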