af_unix: fix potential NULL deref in unix_dgram_connect()
[linux-2.6-microblaze.git] / net / unix / af_unix.c
index 7cad52b..eb47b9d 100644 (file)
@@ -495,7 +495,7 @@ static void unix_dgram_disconnected(struct sock *sk, struct sock *other)
                        sk_error_report(other);
                }
        }
-       sk->sk_state = other->sk_state = TCP_CLOSE;
+       other->sk_state = TCP_CLOSE;
 }
 
 static void unix_sock_destructor(struct sock *sk)
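Review bot: unix_dgram_disconnected() now resets only `other->sk_state`, so every caller is responsible for moving `sk` to TCP_CLOSE itself, and nothing at the function records that contract. A one-line comment above the definition would keep a future caller from assuming the old behaviour, for example `/* Resets only other's state; the caller updates sk->sk_state. */`. The function body begins above this hunk, so whether `other` is locked at the point of the remaining store cannot be confirmed from here and is worth checking in the same pass.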
@@ -1222,6 +1222,7 @@ restart:
                if (err)
                        goto out_unlock;
 
+               sk->sk_state = other->sk_state = TCP_ESTABLISHED;
        } else {
                /*
                 *      1003.1g breaking connected state with AF_UNSPEC
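Review bot: The new `sk->sk_state = other->sk_state = TCP_ESTABLISHED;` is a plain chained store; it is protected against other writers by the double lock taken earlier in this function, but not against readers that inspect sk_state without the lock. If such lockless readers exist elsewhere in af_unix.c (not visible in this diff), the store should be split and annotated, `WRITE_ONCE(sk->sk_state, TCP_ESTABLISHED);` and `WRITE_ONCE(other->sk_state, TCP_ESTABLISHED);`, with matching READ_ONCE() on the reader side. The enclosing function starts and ends outside the hunk.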
@@ -1235,7 +1236,10 @@ restart:
         */
        if (unix_peer(sk)) {
                struct sock *old_peer = unix_peer(sk);
+
                unix_peer(sk) = other;
+               if (!other)
+                       sk->sk_state = TCP_CLOSE;
                unix_dgram_peer_wake_disconnect_wakeup(sk, old_peer);
 
                unix_state_double_unlock(sk, other);
@@ -1248,8 +1252,6 @@ restart:
                unix_state_double_unlock(sk, other);
        }
 
-       if (unix_peer(sk))
-               sk->sk_state = other->sk_state = TCP_ESTABLISHED;
        return 0;
 
 out_unlock:
@@ -1831,6 +1833,7 @@ restart_locked:
 
                        unix_state_unlock(sk);
 
+                       sk->sk_state = TCP_CLOSE;
                        unix_dgram_disconnected(sk, other);
                        sock_put(other);
                        err = -ECONNREFUSED;
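Review bot: The added `sk->sk_state = TCP_CLOSE;` is placed after `unix_state_unlock(sk)`, so this store is made without the state lock, while the connect path changed in this same commit writes sk_state with the lock held. A concurrent connect() on the same socket could set TCP_ESTABLISHED in that window and have it overwritten here, leaving a socket that has a peer but reports TCP_CLOSE. Moving the assignment above the unlock, next to where the peer is cleared, closes the window; that code is above this hunk and not visible, so the exact placement needs checking against the full function.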