• Cong Wang's avatar
    tipc: use the right skb in tipc_sk_fill_sock_diag() · e41f0548
    Cong Wang authored
    Commit 4b2e6877 ("tipc: Fix namespace violation in tipc_sk_fill_sock_diag")
    tried to fix the crash but failed, the crash is still 100% reproducible
    with it.
    
    In tipc_sk_fill_sock_diag(), skb is the diag dump we are filling, it is not
    correct to retrieve its NETLINK_CB(), instead, like other protocol diag,
    we should use NETLINK_CB(cb->skb).sk here.
    
    Reported-by: <syzbot+326e587eff1074657718@syzkaller.appspotmail.com>
    Fixes: 4b2e6877 ("tipc: Fix namespace violation in tipc_sk_fill_sock_diag")
    Fixes: c30b70de (tipc: implement socket diagnostics for AF_TIPC)
    Cc: GhantaKrishnamurthy MohanKrishna <mohan.krishna.ghanta.krishnamurthy@ericsson.com>
    Cc: Jon Maloy <jon.maloy@ericsson.com>
    Cc: Ying Xue <ying.xue@windriver.com>
    Signed-off-by: default avatarCong Wang <xiyou.wangcong@gmail.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    e41f0548
socket.c 88.4 KB