| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 Jul 2016 10:39:22 +0200
From: Jiri Pirko <jiri@...nulli.us>
To: Dan Carpenter <dan.carpenter@...cle.com>
Cc: Jiri Pirko <jiri@...lanox.com>, Ido Schimmel <idosch@...lanox.com>,
netdev@...r.kernel.org, kernel-janitors@...r.kernel.org
Subject: Re: [patch -next] mlxsw: spectrum_router: fix a use after free
Thu, Jul 07, 2016 at 10:20:28AM CEST, dan.carpenter@...cle.com wrote:
>mlxsw_sp_fib_entry_destroy() frees "fib_entry" but we dereference it on
>the next line.
>
>Fixes: 61c503f976b5 ('mlxsw: spectrum_router: Implement fib4 add/del switchdev obj ops')
>Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com>
>
>diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c
>index e084ea5..adb481a 100644
>--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c
>+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c
>@@ -1652,8 +1652,8 @@ static void mlxsw_sp_router_fib4_add_info_destroy(void const *data)
> struct mlxsw_sp_fib_entry *fib_entry = info->fib_entry;
> struct mlxsw_sp *mlxsw_sp = info->mlxsw_sp;
To be consistent with the rest of the flows, I would rather do:
struct mlxsw_sp_vr *vr = fib_entry->vr;
mlxsw_sp_fib_entry_destroy(fib_entry);
mlxsw_sp_vr_put(mlxsw_sp, vr);
I can send the fix or I can leave it up to you. Thanks.
Powered by blists - more mailing lists