lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 19 Dec 2022 11:47:33 +0100 From: Stefan Schmidt <stefan@...enfreihafen.org> To: Miquel Raynal <miquel.raynal@...tlin.com>, Alexander Aring <alex.aring@...il.com>, linux-wpan@...r.kernel.org Cc: David Girault <david.girault@...vo.com>, Romuald Despres <romuald.despres@...vo.com>, Frederic Blain <frederic.blain@...vo.com>, Nicolas Schodet <nico@...fr.eu.org>, Guilhem Imberton <guilhem.imberton@...vo.com>, Thomas Petazzoni <thomas.petazzoni@...tlin.com>, "David S. Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Eric Dumazet <edumazet@...gle.com>, netdev@...r.kernel.org, Dan Carpenter <error27@...il.com> Subject: Re: [PATCH wpan] mac802154: Fix possible double free upon parsing error Hello. On 17.12.22 00:57, Miquel Raynal wrote: > Commit 4d1c7d87030b ("mac802154: Move an skb free within the rx path") > tried to simplify error handling within the receive path by moving the > kfree_skb() call at the very end of the top-level function but missed > one kfree_skb() called upon frame parsing error. Prevent this possible > double free from happening. > > Fixes: 4d1c7d87030b ("mac802154: Move an skb free within the rx path") > Reported-by: Dan Carpenter <error27@...il.com> > Signed-off-by: Miquel Raynal <miquel.raynal@...tlin.com> > --- > net/mac802154/rx.c | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/net/mac802154/rx.c b/net/mac802154/rx.c > index c2aae2a6d6a6..97bb4401dd3e 100644 > --- a/net/mac802154/rx.c > +++ b/net/mac802154/rx.c > @@ -213,7 +213,6 @@ __ieee802154_rx_handle_packet(struct ieee802154_local *local, > ret = ieee802154_parse_frame_start(skb, &hdr); > if (ret) { > pr_debug("got invalid frame\n"); > - kfree_skb(skb); > return; > } > This patch has been applied to the wpan tree and will be part of the next pull request to net. Thanks! regards Stefan Schmidt
Powered by blists - more mailing lists