diff options
author | Denis V. Lunev <den@openvz.org> | 2008-06-04 15:16:12 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-06-04 15:16:12 -0700 |
commit | 22dd485022f3d0b162ceb5e67d85de7c3806aa20 (patch) | |
tree | b96ff526ef0e7fe161eecdaa9edf999e3c3a4791 /net/ipv4 | |
parent | 199f7d24ae59894243687a234a909f44a8724506 (diff) | |
download | kernel-crypto-22dd485022f3d0b162ceb5e67d85de7c3806aa20.tar.gz kernel-crypto-22dd485022f3d0b162ceb5e67d85de7c3806aa20.tar.xz kernel-crypto-22dd485022f3d0b162ceb5e67d85de7c3806aa20.zip |
raw: Raw socket leak.
The program below just leaks the raw kernel socket
int main() {
int fd = socket(PF_INET, SOCK_RAW, IPPROTO_UDP);
struct sockaddr_in addr;
memset(&addr, 0, sizeof(addr));
inet_aton("127.0.0.1", &addr.sin_addr);
addr.sin_family = AF_INET;
addr.sin_port = htons(2048);
sendto(fd, "a", 1, MSG_MORE, &addr, sizeof(addr));
return 0;
}
Corked packet is allocated via sock_wmalloc which holds the owner socket,
so one should uncork it and flush all pending data on close. Do this in the
same way as in UDP.
Signed-off-by: Denis V. Lunev <den@openvz.org>
Acked-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/raw.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c index fead049daf4..e7e091d365f 100644 --- a/net/ipv4/raw.c +++ b/net/ipv4/raw.c @@ -608,6 +608,14 @@ static void raw_close(struct sock *sk, long timeout) sk_common_release(sk); } +static int raw_destroy(struct sock *sk) +{ + lock_sock(sk); + ip_flush_pending_frames(sk); + release_sock(sk); + return 0; +} + /* This gets rid of all the nasties in af_inet. -DaveM */ static int raw_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) { @@ -820,6 +828,7 @@ struct proto raw_prot = { .name = "RAW", .owner = THIS_MODULE, .close = raw_close, + .destroy = raw_destroy, .connect = ip4_datagram_connect, .disconnect = udp_disconnect, .ioctl = raw_ioctl, |