lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 19 Dec 2022 11:47:33 +0100
From:   Stefan Schmidt <stefan@...enfreihafen.org>
To:     Miquel Raynal <miquel.raynal@...tlin.com>,
        Alexander Aring <alex.aring@...il.com>,
        linux-wpan@...r.kernel.org
Cc:     David Girault <david.girault@...vo.com>,
        Romuald Despres <romuald.despres@...vo.com>,
        Frederic Blain <frederic.blain@...vo.com>,
        Nicolas Schodet <nico@...fr.eu.org>,
        Guilhem Imberton <guilhem.imberton@...vo.com>,
        Thomas Petazzoni <thomas.petazzoni@...tlin.com>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>,
        Eric Dumazet <edumazet@...gle.com>, netdev@...r.kernel.org,
        Dan Carpenter <error27@...il.com>
Subject: Re: [PATCH wpan] mac802154: Fix possible double free upon parsing
 error

Hello.

On 17.12.22 00:57, Miquel Raynal wrote:
> Commit 4d1c7d87030b ("mac802154: Move an skb free within the rx path")
> tried to simplify error handling within the receive path by moving the
> kfree_skb() call at the very end of the top-level function but missed
> one kfree_skb() called upon frame parsing error. Prevent this possible
> double free from happening.
> 
> Fixes: 4d1c7d87030b ("mac802154: Move an skb free within the rx path")
> Reported-by: Dan Carpenter <error27@...il.com>
> Signed-off-by: Miquel Raynal <miquel.raynal@...tlin.com>
> ---
>   net/mac802154/rx.c | 1 -
>   1 file changed, 1 deletion(-)
> 
> diff --git a/net/mac802154/rx.c b/net/mac802154/rx.c
> index c2aae2a6d6a6..97bb4401dd3e 100644
> --- a/net/mac802154/rx.c
> +++ b/net/mac802154/rx.c
> @@ -213,7 +213,6 @@ __ieee802154_rx_handle_packet(struct ieee802154_local *local,
>   	ret = ieee802154_parse_frame_start(skb, &hdr);
>   	if (ret) {
>   		pr_debug("got invalid frame\n");
> -		kfree_skb(skb);
>   		return;
>   	}
>   

This patch has been applied to the wpan tree and will be
part of the next pull request to net. Thanks!

regards
Stefan Schmidt

Powered by blists - more mailing lists