| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 04 Dec 2012 11:40:10 +0400
From: Ilya Zykov <ilya@...x.ru>
To: Peter Hurley <peter@...leysoftware.com>
CC: Alan Cox <alan@...ux.intel.com>, Jiri Slaby <jslaby@...e.cz>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-serial@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH -next 0/9] tty: Fix buffer work access-after-free
On 04.12.2012 11:07, Peter Hurley wrote:
> This patch series addresses the causes of flush_to_ldisc accessing
> the tty after freeing.
>
I think, it is have sense only if you can take effect,
with this patch or something like. I can't. :)
Signed-off-by: Ilya Zykov <ilya@...x.ru>
---
diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
index 2ea176b..f24751d 100644
--- a/drivers/tty/tty_io.c
+++ b/drivers/tty/tty_io.c
@@ -170,6 +170,10 @@ struct tty_struct *alloc_tty_struct(void)
return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
}
+static void flush_to_ldisc2(struct work_struct *work)
+{
+ printk(KERN_WARNING "Possible intrusion detected.\n");
+}
/**
* free_tty_struct - free a disused tty
* @tty: tty struct to free
@@ -188,6 +192,8 @@ void free_tty_struct(struct tty_struct *tty)
kfree(tty->write_buf);
tty_buffer_free_all(tty);
tty->magic = 0xDEADDEAD;
+ PREPARE_WORK(&tty->buf.work,flush_to_ldisc2);
+ //memset(tty, 0, sizeof(struct tty_struct));
kfree(tty);
}
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists