netdev - Re: nfc: pn533: suspected double free when pn533_fill_fragment

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date:   Fri, 5 Nov 2021 11:10:33 +0100
From:   Krzysztof Kozlowski <krzysztof.kozlowski@...onical.com>
To:     YE Chengfeng <cyeaa@...nect.ust.hk>,
        "davem@...emloft.net" <davem@...emloft.net>,
        "wengjianfeng@...ong.com" <wengjianfeng@...ong.com>,
        "kuba@...nel.org" <kuba@...nel.org>,
        "dan.carpenter@...cle.com" <dan.carpenter@...cle.com>
Cc:     "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: nfc: pn533: suspected double free when pn533_fill_fragment_skbs()
 return value <= 0

On 05/11/2021 10:22, YE Chengfeng wrote:
> Hi,
> 
> We notice that skb is already freed by dev_kfree_skb in pn533_fill_fragment_skbs, but follow error handler branch #line 2288 and #line 2356, skb is freed again, seems like a double free issue. Would you like to have a look at them? We will provide patch for them after confirmation.
> 
> https://github.com/torvalds/linux/blob/master/drivers/nfc/pn533/pn533.c#L2288

Hi,

Indeed it looks like double free. Please send a patch even without
confirmation - code is better than just text report.

Best regards,
Krzysztof