diff options
author | Denis V. Lunev <den@openvz.org> | 2008-06-04 15:16:12 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-06-04 15:16:12 -0700 |
commit | 22dd485022f3d0b162ceb5e67d85de7c3806aa20 (patch) | |
tree | b96ff526ef0e7fe161eecdaa9edf999e3c3a4791 /net/ipv6/raw.c | |
parent | 199f7d24ae59894243687a234a909f44a8724506 (diff) | |
download | op-kernel-dev-22dd485022f3d0b162ceb5e67d85de7c3806aa20.zip op-kernel-dev-22dd485022f3d0b162ceb5e67d85de7c3806aa20.tar.gz |
raw: Raw socket leak.
The program below just leaks the raw kernel socket
int main() {
int fd = socket(PF_INET, SOCK_RAW, IPPROTO_UDP);
struct sockaddr_in addr;
memset(&addr, 0, sizeof(addr));
inet_aton("127.0.0.1", &addr.sin_addr);
addr.sin_family = AF_INET;
addr.sin_port = htons(2048);
sendto(fd, "a", 1, MSG_MORE, &addr, sizeof(addr));
return 0;
}
Corked packet is allocated via sock_wmalloc which holds the owner socket,
so one should uncork it and flush all pending data on close. Do this in the
same way as in UDP.
Signed-off-by: Denis V. Lunev <den@openvz.org>
Acked-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6/raw.c')
-rw-r--r-- | net/ipv6/raw.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c index 603df76..8fee9a1 100644 --- a/net/ipv6/raw.c +++ b/net/ipv6/raw.c @@ -1164,6 +1164,14 @@ static void rawv6_close(struct sock *sk, long timeout) sk_common_release(sk); } +static int raw6_destroy(struct sock *sk) +{ + lock_sock(sk); + ip6_flush_pending_frames(sk); + release_sock(sk); + return 0; +} + static int rawv6_init_sk(struct sock *sk) { struct raw6_sock *rp = raw6_sk(sk); @@ -1187,6 +1195,7 @@ struct proto rawv6_prot = { .name = "RAWv6", .owner = THIS_MODULE, .close = rawv6_close, + .destroy = raw6_destroy, .connect = ip6_datagram_connect, .disconnect = udp_disconnect, .ioctl = rawv6_ioctl, |