lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon,  2 May 2022 14:00:52 +0000 (UTC)
From:   Kalle Valo <kvalo@...nel.org>
To:     Xiaomeng Tong <xiam0nd.tong@...il.com>
Cc:     davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com,
        linville@...driver.com, linux-wireless@...r.kernel.org,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        Xiaomeng Tong <xiam0nd.tong@...il.com>, stable@...r.kernel.org
Subject: Re: [PATCH v2] carl9170: tx: fix an incorrect use of list iterator

Xiaomeng Tong <xiam0nd.tong@...il.com> wrote:

> If the previous list_for_each_entry_continue_rcu() don't exit early
> (no goto hit inside the loop), the iterator 'cvif' after the loop
> will be a bogus pointer to an invalid structure object containing
> the HEAD (&ar->vif_list). As a result, the use of 'cvif' after that
> will lead to a invalid memory access (i.e., 'cvif->id': the invalid
> pointer dereference when return back to/after the callsite in the
> carl9170_update_beacon()).
> 
> The original intention should have been to return the valid 'cvif'
> when found in list, NULL otherwise. So just return NULL when no
> entry found, to fix this bug.
> 
> Cc: stable@...r.kernel.org
> Fixes: 1f1d9654e183c ("carl9170: refactor carl9170_update_beacon")
> Signed-off-by: Xiaomeng Tong <xiam0nd.tong@...il.com>
> Acked-by: Christian Lamparter <chunkeey@...il.com>
> Signed-off-by: Kalle Valo <quic_kvalo@...cinc.com>

Patch applied to ath-next branch of ath.git, thanks.

54a6f29522da carl9170: tx: fix an incorrect use of list iterator

-- 
https://patchwork.kernel.org/project/linux-wireless/patch/20220328122820.1004-1-xiam0nd.tong@gmail.com/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ