lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <DB8PR04MB67959F69700F5065344B9FE3E6F29@DB8PR04MB6795.eurprd04.prod.outlook.com>
Date:   Thu, 5 Aug 2021 02:24:44 +0000
From:   Joakim Zhang <qiangqing.zhang@....com>
To:     Pavel Skripkin <paskripkin@...il.com>,
        "davem@...emloft.net" <davem@...emloft.net>,
        "kuba@...nel.org" <kuba@...nel.org>,
        "hslester96@...il.com" <hslester96@...il.com>,
        "fugang.duan@....com" <fugang.duan@....com>
CC:     "dan.carpenter@...cle.com" <dan.carpenter@...cle.com>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH 1/2] net: fec: fix use-after-free in fec_drv_remove


> -----Original Message-----
> From: Pavel Skripkin <paskripkin@...il.com>
> Sent: 2021年8月4日 23:52
> To: davem@...emloft.net; kuba@...nel.org; Joakim Zhang
> <qiangqing.zhang@....com>; hslester96@...il.com; fugang.duan@....com
> Cc: dan.carpenter@...cle.com; netdev@...r.kernel.org;
> linux-kernel@...r.kernel.org; Pavel Skripkin <paskripkin@...il.com>
> Subject: [PATCH 1/2] net: fec: fix use-after-free in fec_drv_remove
> 
> Smatch says:
> 	drivers/net/ethernet/freescale/fec_main.c:3994 fec_drv_remove() error:
> Using fep after free_{netdev,candev}(ndev);
> 	drivers/net/ethernet/freescale/fec_main.c:3995 fec_drv_remove() error:
> Using fep after free_{netdev,candev}(ndev);
> 
> Since fep pointer is netdev private data, accessing it after free_netdev() call can
> cause use-after-free bug. Fix it by moving free_netdev() call at the end of the
> function
> 
> Reported-by: Dan Carpenter <dan.carpenter@...cle.com>
> Fixes: a31eda65ba21 ("net: fec: fix clock count mis-match")
> Signed-off-by: Pavel Skripkin <paskripkin@...il.com>
> ---
Thanks.

Reviewed-by: Joakim Zhang <qiangqing.zhang@....com>

Best Regards,
Joakim Zhang

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ