| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 31 Mar 2021 10:02:57 +0800 (GMT+08:00)
From: lyl2019@...l.ustc.edu.cn
To: "David Miller" <davem@...emloft.net>
Cc: santosh.shilimkar@...cle.com, kuba@...nel.org,
netdev@...r.kernel.org, linux-rdma@...r.kernel.org,
rds-devel@....oracle.com, linux-kernel@...r.kernel.org
Subject: Re: Re: [PATCH] net/rds: Fix a use after free in
rds_message_map_pages
> -----原始邮件-----
> 发件人: "David Miller" <davem@...emloft.net>
> 发送时间: 2021-03-31 08:02:28 (星期三)
> 收件人: lyl2019@...l.ustc.edu.cn
> 抄送: santosh.shilimkar@...cle.com, kuba@...nel.org, netdev@...r.kernel.org, linux-rdma@...r.kernel.org, rds-devel@....oracle.com, linux-kernel@...r.kernel.org
> 主题: Re: [PATCH] net/rds: Fix a use after free in rds_message_map_pages
>
> From: Lv Yunlong <lyl2019@...l.ustc.edu.cn>
> Date: Tue, 30 Mar 2021 03:16:02 -0700
>
> > @@ -348,7 +348,7 @@ struct rds_message *rds_message_map_pages(unsigned long *page_addrs, unsigned in
> > rm->data.op_sg = rds_message_alloc_sgs(rm, num_sgs);
> > if (IS_ERR(rm->data.op_sg)) {
> > rds_message_put(rm);
> > - return ERR_CAST(rm->data.op_sg);
> > + return ERR_PTR(-ENOMEM);
> > }
> >
> > for (i = 0; i < rm->data.op_nents; ++i) {
>
> Maybe instead do:
>
> int err = ERR_CAST(rm->data.op_sg);
> rds_message_put(rm);
> return err;
>
> Then if rds_message_alloc_sgs() starts to return other errors, they will propagate.
>
> Thank you.
The type of ERR_CAST() is void *, not int.
I think the correct patch is:
void *err = ERR_CAST(rm->data.op_sg);
rds_message_put(rm);
return err;
I have submitted the PATCH v2 for you to review.
Thanks.
Powered by blists - more mailing lists