tipc: correctly handle releasing a not fully initialized sock

Commit f2f9800d4955 "tipc: make tipc node table aware of net namespace" has added a dereference of sock->sk before making sure it's not NULL, which makes releasing a tipc socket NULL pointer dereference for sockets that are not fully initialized. Signed-off-by: Sasha Levin <sasha.levin@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Sasha Levin <sasha.levin@oracle.com> 2015-01-13 12:46:41 -0500
committer: David S. Miller <davem@davemloft.net> 2015-01-13 17:26:27 -0500
commit: 357c4774b5b08878d980847f496af38869e7aad0 (patch)
tree: 52cd1f70e80d3a03671539a8795a8d2201915ae5 /net/tipc
parent: 86cfeab6b510a2fe94683bf71f9b96b686e2e0ce (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index c9c34a667921..720fda6cc2e6 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -470,8 +470,8 @@ static void tipc_sk_callback(struct rcu_head *head)
 static int tipc_release(struct socket *sock)
 {
        struct sock *sk = sock->sk;
-        struct net *net = sock_net(sk);
+        struct net *net;
-        struct tipc_net *tn = net_generic(net, tipc_net_id);
+        struct tipc_net *tn;
        struct tipc_sock *tsk;
        struct sk_buff *skb;
        u32 dnode, probing_state;
@@ -483,6 +483,9 @@ static int tipc_release(struct socket *sock)
        if (sk == NULL)
                return 0;
+        net = sock_net(sk);
+        tn = net_generic(net, tipc_net_id);
        tsk = tipc_sk(sk);
        lock_sock(sk);
author	Sasha Levin <sasha.levin@oracle.com>	2015-01-13 12:46:41 -0500
committer	David S. Miller <davem@davemloft.net>	2015-01-13 17:26:27 -0500
commit	357c4774b5b08878d980847f496af38869e7aad0 (patch)
tree	52cd1f70e80d3a03671539a8795a8d2201915ae5 /net/tipc
parent	86cfeab6b510a2fe94683bf71f9b96b686e2e0ce (diff)