| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 20 Apr 2017 13:21:30 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: "David S. Miller" <davem@...emloft.net>,
Courtney Cavin <courtney.cavin@...ymobile.com>
Cc: Bjorn Andersson <bjorn.andersson@...aro.org>,
David Ahern <dsa@...ulusnetworks.com>,
Stephen Boyd <sboyd@...eaurora.org>,
Johannes Berg <johannes.berg@...el.com>,
netdev@...r.kernel.org, kernel-janitors@...r.kernel.org
Subject: [PATCH] net: qrtr: potential use after free in qrtr_sendmsg()
If skb_pad() fails then it frees the skb so we should check for errors.
Fixes: bdabad3e363d ("net: Add Qualcomm IPC router")
Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com>
diff --git a/net/qrtr/qrtr.c b/net/qrtr/qrtr.c
index c36b0ec364a4..a9a8c7d5a4a9 100644
--- a/net/qrtr/qrtr.c
+++ b/net/qrtr/qrtr.c
@@ -658,7 +658,9 @@ static int qrtr_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
}
if (plen != len) {
- skb_pad(skb, plen - len);
+ rc = skb_pad(skb, plen - len);
+ if (rc)
+ goto out_node;
skb_put(skb, plen - len);
}
Powered by blists - more mailing lists