| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <d2b0f847dbf6b6d1e585ef8de1d9d367f8d9fd3b.camel@sipsolutions.net>
Date: Fri, 23 Jul 2021 10:37:45 +0200
From: Johannes Berg <johannes@...solutions.net>
To: Dongliang Mu <mudongliangabcd@...il.com>,
Kalle Valo <kvalo@...eaurora.org>,
"David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Luca Coelho <luciano.coelho@...el.com>,
Ilan Peer <ilan.peer@...el.com>
Cc: syzbot+1638e7c770eef6b6c0d0@...kaller.appspotmail.com,
linux-wireless@...r.kernel.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] cfg80211: free the object allocated in
wiphy_apply_custom_regulatory
On Fri, 2021-07-23 at 13:09 +0800, Dongliang Mu wrote:
> The commit beee24695157 ("cfg80211: Save the regulatory domain when
> setting custom regulatory") forgets to free the newly allocated regd
> object.
Not really? It's not forgetting it, it just saves it?
+ new_regd = reg_copy_regd(regd);
+ if (IS_ERR(new_regd))
+ return;
+
+ tmp = get_wiphy_regdom(wiphy);
+ rcu_assign_pointer(wiphy->regd, new_regd);
+ rcu_free_regdom(tmp);
> Fix this by freeing the regd object in the error handling code and
> deletion function - mac80211_hwsim_del_radio.
This can't be right - the same would affect all other users of that
function, no?
Perhaps somewhere we have a case where wiphy->regd is leaked, but than
that should be fixed more generally in cfg80211?
johannes
Powered by blists - more mailing lists