[PATCH] Fix kfree() corruption in sock_read_buffer_sendmsg()

Oren Laadan orenl at librato.com
Fri Aug 14 13:21:34 PDT 2009



Serge E. Hallyn wrote:
> Quoting Dan Smith (danms at us.ibm.com):
>> The memcpy_from_iovec() function that the unix sendmsg functions use modifies
>> the struct msghdr.  Since the current code uses the msg.iovec_base pointer
>> in the msghdr for the kmalloc() and kfree(), we end up freeing the wrong
>> pointer.  This patch stores the original address in a separate pointer and
>> corrects the kfree() call to use it.
>>
>> Cc: serue at us.ibm.com
>> Signed-off-by: Dan Smith <danms at us.ibm.com>
> 
> Tested-by: Serge Hallyn <serue at us.ibm.com>

Pulled.

Oren.
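
The bug described in the quoted commit message, as an added userspace example that is not part of the original thread or of the patch itself. consume_iovec() is a hypothetical stand-in for the kernel copy helper and iov_base_drift() is a name made up here; the block measures how far iov_base has moved from the allocation start after the copy, which is why the free has to use a separately saved pointer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/uio.h>

/* Hypothetical stand-in for the kernel copy helper: copies up to len bytes
 * out of a single iovec and, like the helper the commit message describes,
 * advances iov_base and shrinks iov_len as it consumes the data. */
static size_t consume_iovec(char *dst, struct iovec *iov, size_t len)
{
    size_t n = len < iov->iov_len ? len : iov->iov_len;

    memcpy(dst, iov->iov_base, n);
    iov->iov_base = (char *)iov->iov_base + n;
    iov->iov_len -= n;
    return n;
}

/* Allocates a buffer, sends it through consume_iovec(), and returns how many
 * bytes iov_base now sits past the start of the allocation. Any non-zero
 * value means free(iov.iov_base) would hand the allocator a pointer it never
 * returned. The buffer is released through the saved pointer instead. */
static size_t iov_base_drift(size_t len)
{
    struct iovec iov;
    char *sink = malloc(len);
    char *buf = malloc(len);      /* saved original address */
    size_t drift;

    if (!buf || !sink) {
        free(buf);
        free(sink);
        return 0;
    }
    memset(buf, 'A', len);        /* constructed sample payload */
    iov.iov_base = buf;
    iov.iov_len = len;

    consume_iovec(sink, &iov, len);
    drift = (size_t)((char *)iov.iov_base - buf);

    free(buf);                    /* fixed form: never free(iov.iov_base) */
    free(sink);
    return drift;
}

int main(void)
{
    printf("iov_base moved %zu bytes past the allocation\n", iov_base_drift(64));
    return 0;
}
```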


