From: Neil Brown

Extract ->stamp from skb *before* freeing it in svcsock.c

As we sometimes copy and free an skb, and sometimes use it in-place, we must be careful to extract information from it *before* it might be freed, not after.

net/sunrpc/svcsock.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletion(-) diff -puN net/sunrpc/svcsock.c~svcsock-use-after-free-fix net/sunrpc/svcsock.c --- linux-mnm/net/sunrpc/svcsock.c~svcsock-use-after-free-fix 2003-05-26 22:10:34.000000000 -0700 +++ linux-mnm-akpm/net/sunrpc/svcsock.c 2003-05-26 22:10:34.000000000 -0700 @@ -589,6 +589,8 @@ svc_udp_recvfrom(struct svc_rqst *rqstp) rqstp->rq_addr.sin_port = skb->h.uh->source; rqstp->rq_addr.sin_addr.s_addr = skb->nh.iph->saddr; + svsk->sk_sk->stamp = skb->stamp; + if (skb_is_nonlinear(skb)) { /* we have to copy */ local_bh_disable(); @@ -629,7 +631,6 @@ svc_udp_recvfrom(struct svc_rqst *rqstp) serv->sv_stats->netudpcnt++; /* One down, maybe more to go... */ - svsk->sk_sk->stamp = skb->stamp; svc_sock_received(svsk); return len; _
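Review bot: In the first hunk (@@ -589), the new `svsk->sk_sk->stamp = skb->stamp;` carries no comment saying why it has to sit above the `skb_is_nonlinear(skb)` branch, so a later cleanup could move it back next to `svc_sock_received(svsk)` and reintroduce the read of a freed skb. A one-line comment at the assignment, for example "read everything we need from skb before the copy path may free it", would pin the ordering. Also worth confirming: the store used to happen only after `netudpcnt++`, so if the copy branch can return early, the socket's stamp is now updated for a datagram that is never delivered. State in the changelog whether that is intended.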
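Review bot: In the second hunk (@@ -629), only the `skb->stamp` read is removed, and the patch does not show the lines between the `skb_is_nonlinear(skb)` branch and this point, so it cannot be confirmed from the diff that no other `skb->` dereference remains after the copy path. The remaining context (`netudpcnt++`, `svc_sock_received(svsk)`, `return len`) does not touch skb, but the region in between should be audited for further reads, and the changelog should say that this was the only one.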