| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241008101232.123389e1@xps-13> Date: Tue, 8 Oct 2024 10:12:32 +0200 From: Miquel Raynal <miquel.raynal@...tlin.com> To: Ignat Korchagin <ignat@...udflare.com> Cc: "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, Marcel Holtmann <marcel@...tmann.org>, Johan Hedberg <johan.hedberg@...il.com>, Luiz Augusto von Dentz <luiz.dentz@...il.com>, Oliver Hartkopp <socketcan@...tkopp.net>, Marc Kleine-Budde <mkl@...gutronix.de>, Alexander Aring <alex.aring@...il.com>, Stefan Schmidt <stefan@...enfreihafen.org>, David Ahern <dsahern@...nel.org>, Willem de Bruijn <willemdebruijn.kernel@...il.com>, linux-bluetooth@...r.kernel.org, linux-can@...r.kernel.org, linux-wpan@...r.kernel.org, kernel-team@...udflare.com, kuniyu@...zon.com, alibuda@...ux.alibaba.com Subject: Re: [PATCH v2 6/8] net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() Hi Ignat, ignat@...udflare.com wrote on Mon, 7 Oct 2024 22:35:00 +0100: > sock_init_data() attaches the allocated sk object to the provided sock > object. If ieee802154_create() fails later, the allocated sk object is > freed, but the dangling pointer remains in the provided sock object, which > may allow use-after-free. > > Clear the sk pointer in the sock object on error. > > Signed-off-by: Ignat Korchagin <ignat@...udflare.com> Reviewed-by: Miquel Raynal <miquel.raynal@...tlin.com> Thanks, Miquèl
Powered by blists - more mailing lists