lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 13 Aug 2016 15:09:33 -0700 (PDT) From: David Miller <davem@...emloft.net> To: vegard.nossum@...cle.com Cc: samuel@...tiz.org, irda-users@...ts.sourceforge.net, netdev@...r.kernel.org, stable@...r.kernel.org Subject: Re: [PATCH] net/irda: handle iriap_register_lsap() allocation failure From: Vegard Nossum <vegard.nossum@...cle.com> Date: Fri, 12 Aug 2016 10:29:13 +0200 > If iriap_register_lsap() fails to allocate memory, self->lsap is > set to NULL. However, none of the callers handle the failure and > irlmp_connect_request() will happily dereference it: ... > The bug seems to have been around since forever. > > There's more problems with missing error checks in iriap_init() (and > indeed all of irda_init()), but that's a bigger problem that needs > very careful review and testing. This patch will fix the most serious > bug (as it's easily reached from unprivileged userspace). > > I have tested my patch with a reproducer. > > Signed-off-by: Vegard Nossum <vegard.nossum@...cle.com> Applied.
Powered by blists - more mailing lists