| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 7 Nov 2020 12:13:15 -0800
From: Jakub Kicinski <kuba@...nel.org>
To: Heiner Kallweit <hkallweit1@...il.com>
Cc: David Miller <davem@...emloft.net>,
Realtek linux nic maintainers <nic_swsd@...ltek.com>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: [PATCH net] r8169: fix potential skb double free in an error
path
On Thu, 5 Nov 2020 15:28:42 +0100 Heiner Kallweit wrote:
> The caller of rtl8169_tso_csum_v2() frees the skb if false is returned.
> eth_skb_pad() internally frees the skb on error what would result in a
> double free. Therefore use __skb_put_padto() directly and instruct it
> to not free the skb on error.
>
> Fixes: 25e992a4603c ("r8169: rename r8169.c to r8169_main.c")
> Reported-by: Jakub Kicinski <kuba@...nel.org>
> Signed-off-by: Heiner Kallweit <hkallweit1@...il.com>
> ---
> The Fixes tag refers to the change from which on the patch applies.
> However it will apply with a little fuzz only on versions up to 5.9.
I think we've been over this, please provide real fixes tags, pointing
to where bugs were introduced. I swapped the tag for:
Fixes: b423e9ae49d7 ("r8169: fix offloaded tx checksum for small packets.")
and applied, thanks.
Powered by blists - more mailing lists