| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0000000000002dfa3b0609cb56d6@google.com>
Date: Fri, 10 Nov 2023 04:19:48 -0800
From: syzbot <syzbot+bbe84a4010eeea00982d@...kaller.appspotmail.com>
To: linux-kernel@...r.kernel.org
Subject: Re: [syzbot] [PATCH] Test for aea6bf908d73
For archival purposes, forwarding an incoming command email to
linux-kernel@...r.kernel.org.
***
Subject: [PATCH] Test for aea6bf908d73
Author: eadavis@...com
please test uaf in nfc_alloc_send_skb
#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git aea6bf908d73
diff --git a/net/nfc/llcp_commands.c b/net/nfc/llcp_commands.c
index e2680a3bef79..05b21ced9e1f 100644
--- a/net/nfc/llcp_commands.c
+++ b/net/nfc/llcp_commands.c
@@ -754,6 +754,7 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap,
remaining_len = len;
msg_ptr = msg_data;
+ bh_lock_sock(sock);
do {
remote_miu = sock->remote_miu > LLCP_MAX_MIU ?
local->remote_miu : sock->remote_miu;
@@ -784,6 +785,7 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap,
remaining_len -= frag_len;
msg_ptr += frag_len;
} while (remaining_len > 0);
+ bh_unlock_sock(sock);
kfree(msg_data);
--
2.25.1
Powered by blists - more mailing lists