| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1394320128-26505-1-git-send-email-richard@nod.at> Date: Sun, 9 Mar 2014 00:08:48 +0100 From: Richard Weinberger <richard@....at> To: zbr@...emap.net Cc: linux-kernel@...r.kernel.org, Richard Weinberger <richard@....at> Subject: [PATCH] w1: Fix refcount leak in netlink connector If userspace sends a w1 message of length 0 we leak the refcount. Signed-off-by: Richard Weinberger <richard@....at> --- drivers/w1/w1_netlink.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/w1/w1_netlink.c b/drivers/w1/w1_netlink.c index 40788c9..7131777 100644 --- a/drivers/w1/w1_netlink.c +++ b/drivers/w1/w1_netlink.c @@ -355,7 +355,7 @@ static void w1_cn_callback(struct cn_msg *msg, struct netlink_skb_parms *nsp) err = 0; if (!mlen) - goto out_cont; + goto out_dec; mutex_lock(&dev->mutex); @@ -384,10 +384,11 @@ static void w1_cn_callback(struct cn_msg *msg, struct netlink_skb_parms *nsp) mlen -= cmd->len + sizeof(struct w1_netlink_cmd); } out_up: + mutex_unlock(&dev->mutex); +out_dec: atomic_dec(&dev->refcnt); if (sl) atomic_dec(&sl->refcnt); - mutex_unlock(&dev->mutex); out_cont: if (!cmd || err) w1_netlink_send_error(msg, m, cmd, err); -- 1.8.4.2 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists