iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
075ddd7568
linux/net/ax25
History
Cong Wang c433570458 ax25: fix a use-after-free in ax25_fillin_cb() 
There are multiple issues here:

1. After freeing dev->ax25_ptr, we need to set it to NULL otherwise
   we may use a dangling pointer.

2. There is a race between ax25_setsockopt() and device notifier as
   reported by syzbot. Close it by holding RTNL lock.

3. We need to test if dev->ax25_ptr is NULL before using it.

Reported-and-tested-by: syzbot+ae6bb869cbed29b29040@syzkaller.appspotmail.com
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-12-30 14:07:54 -08:00
..
af_ax25.c ax25: fix a use-after-free in ax25_fillin_cb() 2018-12-30 14:07:54 -08:00
ax25_addr.c ax25: remove blank line at EOF 2018-07-24 14:10:42 -07:00
ax25_dev.c ax25: fix a use-after-free in ax25_fillin_cb() 2018-12-30 14:07:54 -08:00
ax25_ds_in.c ax25: remove blank line at EOF 2018-07-24 14:10:42 -07:00
ax25_ds_subr.c ax25: remove blank line at EOF 2018-07-24 14:10:42 -07:00
ax25_ds_timer.c net: ax25: Convert timers to use timer_setup() 2017-10-25 12:03:56 +09:00
ax25_iface.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
ax25_in.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
ax25_ip.c ax25: remove blank line at EOF 2018-07-24 14:10:42 -07:00
ax25_out.c ax25: remove blank line at EOF 2018-07-24 14:10:42 -07:00
ax25_route.c proc: introduce proc_create_seq{,_data} 2018-05-16 07:23:35 +02:00
ax25_std_in.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
ax25_std_subr.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
ax25_std_timer.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
ax25_subr.c ax25: Fix segfault after sock connection timeout 2017-01-16 14:39:58 -05:00
ax25_timer.c net: ax25: Convert timers to use timer_setup() 2017-10-25 12:03:56 +09:00
ax25_uid.c proc: introduce proc_create_seq{,_data} 2018-05-16 07:23:35 +02:00
Kconfig
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sysctl_net_ax25.c net: Convert uses of typedef ctl_table to struct ctl_table 2013-06-13 02:36:09 -07:00
TODO