lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <20190708.163235.455094269982602106.davem@davemloft.net>
Date:   Mon, 08 Jul 2019 16:32:35 -0700 (PDT)
From:   David Miller <davem@...emloft.net>
To:     wen.yang99@....com.cn
Cc:     linux-kernel@...r.kernel.org, xue.zhihong@....com.cn,
        wang.yi59@....com.cn, cheng.shengyu@....com.cn, anirudh@...inx.com,
        John.Linn@...inx.com, michal.simek@...inx.com,
        hancock@...systems.ca, netdev@...r.kernel.org,
        linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH] net: axienet: fix a potential double free in
 axienet_probe()

From: Wen Yang <wen.yang99@....com.cn>
Date: Sat, 6 Jul 2019 11:38:41 +0800

> There is a possible use-after-free issue in the axienet_probe():
> 
> 1701:	np = of_parse_phandle(pdev->dev.of_node, "axistream-connected", 0);
> 1702:   if (np) {
> ...
> 1787:		of_node_put(np); ---> released here
> 1788:		lp->eth_irq = platform_get_irq(pdev, 0);
> 1789:	} else {
> ...
> 1801:	}
> 1802:	if (IS_ERR(lp->dma_regs)) {
> ...
> 1805:		of_node_put(np); ---> double released here
> 1806:		goto free_netdev;
> 1807:	}
> 
> We solve this problem by removing the unnecessary of_node_put().
> 
> Fixes: 28ef9ebdb64c ("net: axienet: make use of axistream-connected attribute optional")
> Signed-off-by: Wen Yang <wen.yang99@....com.cn>

Applied to net-next

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ