Quoting Dan Smith:
> +static int sock_unix_checkpoint(struct ckpt_ctx *ctx,
> +                             struct socket *socket,
> +                             struct ckpt_hdr_socket *h)
> +{
> +     struct unix_sock *sk = unix_sk(socket->sk);
> +     struct unix_sock *pr = unix_sk(sk->peer);
> +     struct ckpt_hdr_socket_unix *un;
> +     int new;
> +     int ret = -ENOMEM;
> +
> +     if ((socket->sk->sk_state == TCP_LISTEN) &&
> +         !skb_queue_empty(&socket->sk->sk_receive_queue)) {
> +             ckpt_write_err(ctx, "listening socket has unaccepted peers");
> +             return -EBUSY;
> +     }
> +
> +     un = ckpt_hdr_get_type(ctx, sizeof(*un), CKPT_HDR_SOCKET_UNIX);
> +     if (!un)
> +             goto out;
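
Review bot: `pr = unix_sk(sk->peer)` in the declarations is taken before anything establishes that this socket has a peer. For the TCP_LISTEN case handled just below, or for an unconnected socket, sk->peer is NULL, so pr is NULL too. Any use of pr further down needs an explicit NULL check, or the assignment should move to the point where the socket is known to be connected.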

...

> + out:
> +     ckpt_hdr_put(ctx, un);

This will cause a null deref trying to get ptr->len in ckpt_hdr_put().

-serge