| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <483BB8EF.4090904@cn.fujitsu.com> Date: Tue, 27 May 2008 15:31:59 +0800 From: Wei Yongjun <yjwei@...fujitsu.com> To: Dmitry Petukhov <dmgenp@...il.com> CC: davem@...emloft.net, netdev@...r.kernel.org, acme@...stprotocols.net Subject: Re: [PATCH 2.6.26-rc4] fix double call of kfree_skb in net/llc/llc_sap.c Dmitry Petukhov wrote: > in function llc_sap_state_proces there was lack of return statement, > and finalizing kfree_skb might be called after skb was already freed > or queued to the user. > > following patch adds the necessary return. > > Not correct, since kfree_skb(skb) is used after skb_get(skb). First, it used skb_get inc the users counter, and then, kfree_skb will dec the users count, not do the real free. > --- > > --- a/net/llc/llc_sap.c 2008-05-27 12:52:01.000000000 +0600 > +++ b/net/llc/llc_sap.c 2008-05-27 12:52:37.000000000 +0600 > @@ -223,6 +223,7 @@ > if (sock_queue_rcv_skb(skb->sk, skb)) > kfree_skb(skb); > } > + return; > } > kfree_skb(skb); > } > -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists