lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 8 Jul 2019 10:02:48 -0600
From:   Robert Hancock <hancock@...systems.ca>
To:     Wen Yang <wen.yang99@....com.cn>, linux-kernel@...r.kernel.org
Cc:     xue.zhihong@....com.cn, wang.yi59@....com.cn,
        cheng.shengyu@....com.cn, Anirudha Sarangi <anirudh@...inx.com>,
        John Linn <John.Linn@...inx.com>,
        "David S. Miller" <davem@...emloft.net>,
        Michal Simek <michal.simek@...inx.com>, netdev@...r.kernel.org,
        linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH] net: axienet: fix a potential double free in
 axienet_probe()

On 2019-07-05 9:38 p.m., Wen Yang wrote:
> There is a possible use-after-free issue in the axienet_probe():
> 
> 1701:	np = of_parse_phandle(pdev->dev.of_node, "axistream-connected", 0);
> 1702:   if (np) {
> ...
> 1787:		of_node_put(np); ---> released here
> 1788:		lp->eth_irq = platform_get_irq(pdev, 0);
> 1789:	} else {
> ...
> 1801:	}
> 1802:	if (IS_ERR(lp->dma_regs)) {
> ...
> 1805:		of_node_put(np); ---> double released here
> 1806:		goto free_netdev;
> 1807:	}
> 
> We solve this problem by removing the unnecessary of_node_put().
> 
> Fixes: 28ef9ebdb64c ("net: axienet: make use of axistream-connected attribute optional")
> Signed-off-by: Wen Yang <wen.yang99@....com.cn>
> Cc: Anirudha Sarangi <anirudh@...inx.com>
> Cc: John Linn <John.Linn@...inx.com>
> Cc: "David S. Miller" <davem@...emloft.net>
> Cc: Michal Simek <michal.simek@...inx.com>
> Cc: Robert Hancock <hancock@...systems.ca>
> Cc: netdev@...r.kernel.org
> Cc: linux-arm-kernel@...ts.infradead.org
> Cc: linux-kernel@...r.kernel.org

Yes, looks valid.

Reviewed-by: Robert Hancock <hancock@...systems.ca>

> ---
>  drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
> index 561e28a..4fc627f 100644
> --- a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
> +++ b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
> @@ -1802,7 +1802,6 @@ static int axienet_probe(struct platform_device *pdev)
>  	if (IS_ERR(lp->dma_regs)) {
>  		dev_err(&pdev->dev, "could not map DMA regs\n");
>  		ret = PTR_ERR(lp->dma_regs);
> -		of_node_put(np);
>  		goto free_netdev;
>  	}
>  	if ((lp->rx_irq <= 0) || (lp->tx_irq <= 0)) {
> 

-- 
Robert Hancock
Senior Software Developer
SED Systems, a division of Calian Ltd.
Email: hancock@...systems.ca

Powered by blists - more mailing lists