Message-ID: <3c91e145-5cd5-4d9d-9590-3b74b811436a@moroto.mountain>
Date: Wed, 4 Oct 2023 12:22:02 +0300
From: Dan Carpenter <dan.carpenter@...aro.org>
To: Alexander Aring <alex.aring@...il.com>
Cc: Stefan Schmidt <stefan@...enfreihafen.org>,
	Miquel Raynal <miquel.raynal@...tlin.com>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	Angus Chen <angus.chen@...uarmicro.com>,
	Luis Chamberlain <mcgrof@...nel.org>,
	Joel Granados <joel.granados@...il.com>, linux-wpan@...r.kernel.org,
	netdev@...r.kernel.org, kernel-janitors@...r.kernel.org
Subject: [PATCH net] 6lowpan: fix double free in lowpan_frag_rcv()

The skb() is freed by the caller in lowpan_invoke_rx_handlers() so this
free is a double free.

Fixes: 7240cdec60b1 ("6lowpan: handling 6lowpan fragmentation via inet_frag api")
Signed-off-by: Dan Carpenter <dan.carpenter@...aro.org>
---
From static analysis, untested.

 net/ieee802154/6lowpan/reassembly.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/net/ieee802154/6lowpan/reassembly.c b/net/ieee802154/6lowpan/reassembly.c
index 6dd960ec558c..1ccefc07049c 100644
--- a/net/ieee802154/6lowpan/reassembly.c
+++ b/net/ieee802154/6lowpan/reassembly.c
@@ -313,7 +313,6 @@ int lowpan_frag_rcv(struct sk_buff *skb, u8 frag_type)
 	}
 
 err:
-	kfree_skb(skb);
 	return -1;
 }
 
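Review bot: At the err: label, dropping kfree_skb(skb) means every path that jumps there now returns -1 with the skb still allocated, so the fix is correct only if the caller frees the skb on that return value. The commit message asserts this for lowpan_invoke_rx_handlers(), but the patch is marked as untested and shows no caller code. Please cite in the commit message the exact path in the caller that frees the skb after a -1 return, and confirm that each jump to err happens while this function still owns the skb; otherwise this trades a double free for a leak. With the free gone the label does nothing but `return -1;`, so a one-line comment there stating that the caller owns the skb on error would keep the ownership rule visible to the next reader.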
-- 
2.39.2

