[NET]: sanitize kernel_accept() error path

If kernel_accept() returns an error, it may pass back a pointer to
freed memory (which the caller should ignore).  Make it pass back NULL
instead for better safety.

Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/socket.c b/net/socket.c
index d233647..379b3a3 100644 (file)
--- a/net/socket.c
+++ b/net/socket.c
@@ -2235,6 +2235,7 @@ int kernel_accept(struct socket *sock, struct socket **newsock, int flags)
        err = sock->ops->accept(sock, *newsock, flags);
        if (err < 0) {
                sock_release(*newsock);
+               *newsock = NULL;
                goto done;
        }