• [DCCP]: Make dccp_write_xmit always free the packet · ffa29347
    Herbert Xu authored
    icmp_send doesn't use skb->sk at all so even if skb->sk has already
    been freed it can't cause crash there (it would've crashed somewhere
    else first, e.g., ip_queue_xmit).

    I found a double-free on an skb that could explain this though.

    dccp_sendmsg and dccp_write_xmit are a little confused as to what
    should free the packet when something goes wrong.  Sometimes they
    both go for the ball and end up in each other's way.

    This patch makes dccp_write_xmit always free the packet no matter
    what.  This makes sense since dccp_transmit_skb which in turn comes
    from the fact that ip_queue_xmit always frees the packet.

    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
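
A user-space model of the ownership problem the commit message describes, added here as an illustration and not taken from the kernel source. All function names are hypothetical, the packet counts releases instead of freeing memory so a double release is observable, and the particular split of error paths is an assumption.

```c
#include <stdbool.h>

/* Model packet: counts release calls instead of really freeing memory. */
struct pkt { int releases; };

static void pkt_release(struct pkt *p) { p->releases++; }

/* Lowest layer (assumed): consumes the packet on success and on failure. */
static int lower_xmit(struct pkt *p, bool fail)
{
    pkt_release(p);
    return fail ? -1 : 0;
}

/* Ambiguous contract: one error path leaves the packet, the other frees it. */
static int xmit_ambiguous(struct pkt *p, bool blocked, bool lower_fail)
{
    if (blocked)
        return -2;                      /* packet still owned by caller */
    return lower_xmit(p, lower_fail);   /* packet already released */
}

static int sendmsg_ambiguous(struct pkt *p, bool blocked, bool lower_fail)
{
    int err = xmit_ambiguous(p, blocked, lower_fail);
    if (err)
        pkt_release(p);   /* right for -2, a second release for -1 */
    return err;
}

/* Single contract: the transmit function consumes the packet on every path. */
static int xmit_consumes(struct pkt *p, bool blocked, bool lower_fail)
{
    if (blocked) { pkt_release(p); return -2; }
    return lower_xmit(p, lower_fail);
}

static int sendmsg_fixed(struct pkt *p, bool blocked, bool lower_fail)
{
    return xmit_consumes(p, blocked, lower_fail);  /* never touches p again */
}

/* Number of releases one send attempt performs on its packet. */
int releases_for(bool fixed, bool blocked, bool lower_fail)
{
    struct pkt p = { 0 };
    if (fixed) sendmsg_fixed(&p, blocked, lower_fail);
    else       sendmsg_ambiguous(&p, blocked, lower_fail);
    return p.releases;
}

int main(void) { return releases_for(true, false, true) == 1 ? 0 : 1; }
```

With the caller unable to tell from the error code who still owns the packet, only a contract where one side frees on every path keeps the release count at exactly one.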
proto.c 21.7 KB