| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 15 Jan 2020 07:21:35 +0100
From: Nicolai Stange <nstange@...e.de>
To: Kalle Valo <kvalo@...eaurora.org>
Cc: Nicolai Stange <nstange@...e.de>,
"David S. Miller" <davem@...emloft.net>,
Wen Huang <huangwenabc@...il.com>,
libertas-dev@...ts.infradead.org, linux-wireless@...r.kernel.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
Takashi Iwai <tiwai@...e.de>, Miroslav Benes <mbenes@...e.cz>
Subject: Re: [PATCH 1/2] libertas: don't exit from lbs_ibss_join_existing() with RCU read lock held
Kalle Valo <kvalo@...eaurora.org> writes:
> Nicolai Stange <nstange@...e.de> writes:
>
>> Commit e5e884b42639 ("libertas: Fix two buffer overflows at parsing bss
>> descriptor") introduced a bounds check on the number of supplied rates to
>> lbs_ibss_join_existing().
>>
>> Unfortunately, it introduced a return path from within a RCU read side
>> critical section without a corresponding rcu_read_unlock(). Fix this.
>>
>> Fixes: e5e884b42639 ("libertas: Fix two buffer overflows at parsing bss
>> descriptor")
>
> This should be in one line, I'll fix it during commit.
Thanks!
--
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
(HRB 36809, AG Nürnberg), GF: Felix Imendörffer
Powered by blists - more mailing lists