| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Jul 2021 21:32:05 +0200
From: Marc Kleine-Budde <mkl@...gutronix.de>
To: Oleksij Rempel <o.rempel@...gutronix.de>
Cc: dev.kurt@...dijck-laurijssen.be, wg@...ndegger.com,
Xiaochen Zou <xzou017@....edu>, kernel@...gutronix.de,
linux-can@...r.kernel.org, netdev@...r.kernel.org,
David Jander <david@...tonic.nl>,
Zhang Changzhong <zhangchangzhong@...wei.com>
Subject: Re: [PATCH v1] can: j1939: j1939_session_deactivate(): clarify
lifetime of session object
On 14.07.2021 13:16:02, Oleksij Rempel wrote:
> The j1939_session_deactivate() is decrementing the session ref-count and
> potentially can free() the session. This would cause use-after-free
> situation.
>
> However, the code calling j1939_session_deactivate() does always hold
> another reference to the session, so that it would not be free()ed in
> this code path.
>
> This patch adds a comment to make this clear and a WARN_ON, to ensure
> that future changes will not violate this requirement. Further this
> patch avoids dereferencing the session pointer as a precaution to avoid
> use-after-free if the session is actually free()ed.
>
> Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol")
> Reported-by: Xiaochen Zou <xzou017@....edu>
> Signed-off-by: Oleksij Rempel <o.rempel@...gutronix.de>
Added to linux-can/testing
regards,
Marc
--
Pengutronix e.K. | Marc Kleine-Budde |
Embedded Linux | https://www.pengutronix.de |
Vertretung West/Dortmund | Phone: +49-231-2826-924 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)
Powered by blists - more mailing lists