linux/drivers/infiniband/core
Roland Dreier 1b205c2d24 [PATCH] IB: fix CM use-after-free
If the CM REQ handling function gets to error2, then it frees
cm_id_priv->timewait_info.  But the next line goes through
ib_destroy_cm_id() -> ib_send_cm_rej() -> cm_reset_to_idle(),
which ends up calling cm_cleanup_timewait(), which dereferences the
pointer we just freed.  Make sure we clear cm_id_priv->timewait_info
after freeing it, so that doesn't happen.

Signed-off-by: Roland Dreier <rolandd@cisco.com>
2005-09-09 20:52:00 -07:00
..
agent_priv.h [PATCH] IB: Add copyright notices 2005-08-26 20:37:35 -07:00
agent.c [PATCH] IB: move include files to include/rdma 2005-08-26 20:37:38 -07:00
agent.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
cache.c [PATCH] IB: move include files to include/rdma 2005-08-26 20:37:38 -07:00
cm_msgs.h [PATCH] IB: move include files to include/rdma 2005-08-26 20:37:38 -07:00
cm.c [PATCH] IB: fix CM use-after-free 2005-09-09 20:52:00 -07:00
core_priv.h [PATCH] IB: move include files to include/rdma 2005-08-26 20:37:38 -07:00
device.c [PATCH] IB: Add copyright notices 2005-08-26 20:37:35 -07:00
fmr_pool.c [PATCH] IB: move include files to include/rdma 2005-08-26 20:37:38 -07:00
mad_priv.h [PATCH] IB: move include files to include/rdma 2005-08-26 20:37:38 -07:00
mad_rmpp.c [PATCH] IB: RMPP fixes 2005-09-07 11:03:41 -07:00
mad_rmpp.h [PATCH] IB: Add RMPP implementation 2005-07-27 16:26:13 -07:00
mad.c [PATCH] IB: Fix ib_mad_thread_completion_handler declaration 2005-08-26 20:37:36 -07:00
Makefile [PATCH] IB: clean up user access config options 2005-09-07 12:43:08 -07:00
packer.c [PATCH] IB: move include files to include/rdma 2005-08-26 20:37:38 -07:00
sa_query.c [PATCH] IB: Move SA attributes to ib_sa.h 2005-09-09 15:24:04 -07:00
smi.c [PATCH] IB: move include files to include/rdma 2005-08-26 20:37:38 -07:00
smi.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
sysfs.c [PATCH] IB: move include files to include/rdma 2005-08-26 20:37:38 -07:00
ucm.c [PATCH] IB: Add user-supplied context to userspace CM ABI 2005-09-07 09:48:52 -07:00
ucm.h [PATCH] IB: Add user-supplied context to userspace CM ABI 2005-09-07 09:48:52 -07:00
ud_header.c [PATCH] IB: move include files to include/rdma 2005-08-26 20:37:38 -07:00
user_mad.c [PATCH] IB: move include files to include/rdma 2005-08-26 20:37:38 -07:00
uverbs_cmd.c Make sure that userspace does not retrieve stale asynchronous or 2005-09-09 15:55:08 -07:00
uverbs_main.c Make sure that userspace does not retrieve stale asynchronous or 2005-09-09 15:55:08 -07:00
uverbs_mem.c [PATCH] IB: Add copyright notices 2005-08-26 20:37:35 -07:00
uverbs.h Make sure that userspace does not retrieve stale asynchronous or 2005-09-09 15:55:08 -07:00
verbs.c [PATCH] IB: move include files to include/rdma 2005-08-26 20:37:38 -07:00