lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <7a67262f-c824-df23-40dd-2e54041f3ec3@canonical.com>
Date:   Sat, 6 Nov 2021 10:42:06 +0100
From:   Krzysztof Kozlowski <krzysztof.kozlowski@...onical.com>
To:     Chengfeng Ye <cyeaa@...nect.ust.hk>, davem@...emloft.net,
        kuba@...nel.org, wengjianfeng@...ong.com, dan.carpenter@...cle.com
Cc:     netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] nfc: pn533: Fix double free when
 pn533_fill_fragment_skbs() fails

On 05/11/2021 14:36, Chengfeng Ye wrote:
> skb is already freed by dev_kfree_skb in pn533_fill_fragment_skbs,
> but follow error handler branch when pn533_fill_fragment_skbs()
> fails, skb is freed again, results in double free issue. Fix this
> by not free skb in error path of pn533_fill_fragment_skbs.
> 
> Signed-off-by: Chengfeng Ye <cyeaa@...nect.ust.hk>
> ---
>  drivers/nfc/pn533/pn533.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)

Looks good, thanks:
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@...onical.com>

Please do not forget about fixes tag. Here it is trickier because
pn533_fill_fragment_skbs() usage was introduced in two commits:

Fixes: 963a82e07d4e ("NFC: pn533: Split large Tx frames in chunks")
Fixes: 93ad42020c2d ("NFC: pn533: Target mode Tx fragmentation support")
Cc: <stable@...r.kernel.org>

Best regards,
Krzysztof

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ