lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <E16896E5-B946-450F-BF42-04665D219EEA@holtmann.org>
Date:   Mon, 4 Nov 2019 15:19:52 +0100
From:   Marcel Holtmann <marcel@...tmann.org>
To:     Tomas Bortoli <tomasbortoli@...il.com>
Cc:     Johan Hedberg <johan.hedberg@...il.com>,
        Bluez mailing list <linux-bluetooth@...r.kernel.org>,
        lkml <linux-kernel@...r.kernel.org>, syzkaller@...glegroups.com,
        syzbot+a0d209a4676664613e76@...kaller.appspotmail.com
Subject: Re: [PATCH] Fix invalid-free in bcsp_close()

Hi Tomas,

> Syzbot reported an invalid-free that I introduced fixing a memleak.
> 
> bcsp_recv() also frees bcsp->rx_skb but never nullifies its value.
> Nullify bcsp->rx_skb every time it is freed.
> 
> Signed-off-by: Tomas Bortoli <tomasbortoli@...il.com>
> Reported-by: syzbot+a0d209a4676664613e76@...kaller.appspotmail.com
> ---
> drivers/bluetooth/hci_bcsp.c | 3 +++
> 1 file changed, 3 insertions(+)

patch has been applied to bluetooth-next tree.

Regards

Marcel

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ