| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 22 Mar 2020 16:56:52 +0100
From: Wolfram Sang <wsa@...-dreams.de>
To: Xu Wang <vulab@...as.ac.cn>
Cc: linux-i2c@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/2] i2c: Fix a potential use after free
On Fri, Dec 27, 2019 at 09:34:32AM +0000, Xu Wang wrote:
> Free the adap structure only after we are done using it.
> This patch just moves the put_device() down a bit to avoid the
> use after free.
>
> Signed-off-by: Xu Wang <vulab@...as.ac.cn>
Do you have a testcase to reproduce it?
I wonder because we are freeing the device structure which is embedded
inside the adap structure, not the adap structure itself. Or?
> ---
> drivers/i2c/i2c-core-base.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/i2c/i2c-core-base.c b/drivers/i2c/i2c-core-base.c
> index 9f8dcd3..160d43e 100644
> --- a/drivers/i2c/i2c-core-base.c
> +++ b/drivers/i2c/i2c-core-base.c
> @@ -2301,8 +2301,8 @@ void i2c_put_adapter(struct i2c_adapter *adap)
> if (!adap)
> return;
>
> - put_device(&adap->dev);
> module_put(adap->owner);
> + put_device(&adap->dev);
> }
> EXPORT_SYMBOL(i2c_put_adapter);
>
> --
> 2.7.4
>
Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)
Powered by blists - more mailing lists