net: sctp: possible dereference after freeing

From: Geyslan GregÃrio Bem
Date: Sat Oct 19 2013 - 07:39:12 EST

Next message: Chen Gong: "Re: [PATCH v3 8/9] ACPI, APEI, CPER: Cleanup CPER memory erroroutput format"
Previous message: Vishal Annapurve: "RE: [PATCH] usb-storage: scsiglue: Changing the command result"
Next in thread: Geyslan GregÃrio Bem: "Re: net: sctp: possible dereference after freeing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi maintainers,

I would like to know if these are catches:

/net/sctp/endpointola.c (281)
static void sctp_endpoint_destroy(struct sctp_endpoint *ep)
{
struct sock *sk;
...
kfree(ep);
SCTP_DBG_OBJCNT_DEC(ep);
}

The 'ep' object counter is being decremented?! Is the kfree to be there indeed?
Let me know what was intended here.

Same here:
/net/sctp/endpointola.c (165)
static void sctp_transport_destroy_rcu(struct rcu_head *head)
{
struct sctp_transport *transport;
...
kfree(transport);
SCTP_DBG_OBJCNT_DEC(transport);
}

Regards,

Geyslan GregÃrio Bem
hackingbits.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chen Gong: "Re: [PATCH v3 8/9] ACPI, APEI, CPER: Cleanup CPER memory erroroutput format"
Previous message: Vishal Annapurve: "RE: [PATCH] usb-storage: scsiglue: Changing the command result"
Next in thread: Geyslan GregÃrio Bem: "Re: net: sctp: possible dereference after freeing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]