lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 5 Jan 2011 10:03:44 +0300 From: Dan Carpenter <error27@...il.com> To: netdev@...r.kernel.org Cc: John Fastabend <john.r.fastabend@...el.com>, Shmulik Ravid <shmulikr@...adcom.com>, kernel-janitors@...r.kernel.org, "David S. Miller" <davem@...emloft.net> Subject: [patch 2/2] dcb: use after free in dcb_flushapp() The original code has a use after free bug because it's not using the _safe() version of the list_for_each_entry() macro. Signed-off-by: Dan Carpenter <error27@...il.com> diff --git a/net/dcb/dcbnl.c b/net/dcb/dcbnl.c index 8881cb5..11bf6a2 100644 --- a/net/dcb/dcbnl.c +++ b/net/dcb/dcbnl.c @@ -1650,9 +1650,10 @@ EXPORT_SYMBOL(dcb_setapp); static void dcb_flushapp(void) { struct dcb_app_type *app; + struct dcb_app_type *tmp; spin_lock(&dcb_lock); - list_for_each_entry(app, &dcb_app_list, list) { + list_for_each_entry_safe(app, tmp, &dcb_app_list, list) { list_del(&app->list); kfree(app); } -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists