| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <45e75291-223d-829a-6772-07bde8943dcc@canonical.com>
Date: Fri, 5 Nov 2021 11:10:33 +0100
From: Krzysztof Kozlowski <krzysztof.kozlowski@...onical.com>
To: YE Chengfeng <cyeaa@...nect.ust.hk>,
"davem@...emloft.net" <davem@...emloft.net>,
"wengjianfeng@...ong.com" <wengjianfeng@...ong.com>,
"kuba@...nel.org" <kuba@...nel.org>,
"dan.carpenter@...cle.com" <dan.carpenter@...cle.com>
Cc: "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: nfc: pn533: suspected double free when pn533_fill_fragment_skbs()
return value <= 0
On 05/11/2021 10:22, YE Chengfeng wrote:
> Hi,
>
> We notice that skb is already freed by dev_kfree_skb in pn533_fill_fragment_skbs, but follow error handler branch #line 2288 and #line 2356, skb is freed again, seems like a double free issue. Would you like to have a look at them? We will provide patch for them after confirmation.
>
> https://github.com/torvalds/linux/blob/master/drivers/nfc/pn533/pn533.c#L2288
Hi,
Indeed it looks like double free. Please send a patch even without
confirmation - code is better than just text report.
Best regards,
Krzysztof
Powered by blists - more mailing lists