linux/drivers/infiniband
Roland Dreier 1b205c2d24 [PATCH] IB: fix CM use-after-free
If the CM REQ handling function gets to error2, then it frees
cm_id_priv->timewait_info.  But the next line goes through
ib_destroy_cm_id() -> ib_send_cm_rej() -> cm_reset_to_idle(),
which ends up calling cm_cleanup_timewait(), which dereferences the
pointer we just freed.  Make sure we clear cm_id_priv->timewait_info
after freeing it, so that doesn't happen.

Signed-off-by: Roland Dreier <rolandd@cisco.com>
2005-09-09 20:52:00 -07:00
core [PATCH] IB: fix CM use-after-free 2005-09-09 20:52:00 -07:00
hw/mthca [PATCH] IB: Initialize qp->wait 2005-09-07 09:48:53 -07:00
ulp/ipoib [PATCH] IPoIB: fix memory leak 2005-09-07 09:48:52 -07:00
Kconfig [PATCH] IB: clean up user access config options 2005-09-07 12:43:08 -07:00
Makefile Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00