| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 07 Jul 2019 13:07:51 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: albin_yang@....com
Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
tglx@...utronix.de
Subject: Re: [PATCH net] nfc: fix potential illegal memory access
From: Yang Wei <albin_yang@....com>
Date: Sun, 7 Jul 2019 21:37:40 +0800
> The frags_q is used before __skb_queue_head_init when conn_info is
> NULL. It may result in illegal memory access.
>
> Signed-off-by: Yang Wei <albin_yang@....com>
> ---
> net/nfc/nci/data.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/net/nfc/nci/data.c b/net/nfc/nci/data.c
> index 0a0c265..b5f16cb 100644
> --- a/net/nfc/nci/data.c
> +++ b/net/nfc/nci/data.c
> @@ -104,14 +104,14 @@ static int nci_queue_tx_data_frags(struct nci_dev *ndev,
>
> pr_debug("conn_id 0x%x, total_len %d\n", conn_id, total_len);
>
> + __skb_queue_head_init(&frags_q);
> +
> conn_info = nci_get_conn_info_by_conn_id(ndev, conn_id);
> if (!conn_info) {
> rc = -EPROTO;
> goto free_exit;
> }
>
> - __skb_queue_head_init(&frags_q);
> -
Just change the goto into "goto exit;", much simpler one-line fix.
Powered by blists - more mailing lists