iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Oleksij Rempel 7eef18c047 can: j1939: j1939_session_deactivate(): clarify lifetime of session object 
commit 0c71437dd50dd687c15d8ca80b3b68f10bb21d63 upstream.

The j1939_session_deactivate() is decrementing the session ref-count and
potentially can free() the session. This would cause use-after-free
situation.

However, the code calling j1939_session_deactivate() does always hold
another reference to the session, so that it would not be free()ed in
this code path.

This patch adds a comment to make this clear and a WARN_ON, to ensure
that future changes will not violate this requirement. Further this
patch avoids dereferencing the session pointer as a precaution to avoid
use-after-free if the session is actually free()ed.

Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol")
Link: https://lore.kernel.org/r/20210714111602.24021-1-o.rempel@pengutronix.de
Reported-by: Xiaochen Zou <xzou017@ucr.edu>
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-08-04 12:27:40 +02:00
..
6lowpan
9p
net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid
2020-11-05 11:43:20 +01:00
802
net/802/garp: fix memleak in garp_request_join()
2021-07-31 08:19:38 +02:00
8021q
net: vlan: avoid leaks on register_vlan_dev() failures
2021-01-17 14:05:31 +01:00
appletalk
appletalk: Fix skb allocation size in loopback case
2021-04-07 14:47:41 +02:00
atm
atm: fix a memory leak of vcc->user_back
2020-10-01 13:17:58 +02:00
ax25
AX.25: Prevent integer overflows in connect and sendmsg
2020-07-31 18:39:31 +02:00
batman-adv
batman-adv: Avoid WARN_ON timing related checks
2021-06-23 14:41:23 +02:00
bluetooth
Bluetooth: Shutdown controller after workqueues are flushed or cancelled
2021-07-19 08:53:13 +02:00
bpf
bpfilter
bpfilter: Specify the log level for the kmsg message
2021-07-14 16:53:33 +02:00
bridge
net: bridge: sync fdb to new unicast-filtering ports
2021-07-25 14:35:14 +02:00
caif
net: fix uninit-value in caif_seqpkt_sendmsg
2021-07-28 13:30:56 +02:00
can
can: j1939: j1939_session_deactivate(): clarify lifetime of session object
2021-08-04 12:27:40 +02:00
ceph
libceph: clear con->out_msg on Policy::stateful_server faults
2020-11-05 11:43:34 +01:00
core
net: annotate data race around sk_ll_usec
2021-07-31 08:19:38 +02:00
dcb
net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands
2021-01-23 15:57:59 +01:00
dccp
ipv6: weaken the v4mapped source check
2021-04-07 14:47:38 +02:00
decnet
net: decnet: Fix sleeping inside in af_decnet
2021-07-28 13:30:56 +02:00
dns_resolver
KEYS: Don't write out to userspace while holding key semaphore
2020-04-23 10:36:45 +02:00
dsa
net: dsa: fix error code getting shifted with 4 in dsa_slave_get_sset_count
2021-06-03 08:59:12 +02:00
ethernet
net: add annotations on hh->hh_len lockless accesses
2020-01-09 10:20:06 +01:00
hsr
hsr: use netdev_err() instead of WARN_ONCE()
2021-05-14 09:44:10 +02:00
ieee802154
net: ieee802154: fix null deref in parse dev addr
2021-06-18 09:58:57 +02:00
ife
net: Fix Kconfig indentation
2019-09-26 08:56:17 +02:00
ipv4
net: Set true network header for ECN decapsulation
2021-08-04 12:27:39 +02:00
ipv6
ipv6: ip6_finish_output2: set sk into newly allocated nskb
2021-07-31 08:19:39 +02:00
iucv
net/af_iucv: remove WARN_ONCE on malformed RX packets
2021-03-07 12:20:42 +01:00
kcm
kcm: disable preemption in kcm_parse_func_strparser()
2019-09-27 10:27:14 +02:00
key
af_key: relax availability checks for skb size calculation
2021-02-13 13:52:54 +01:00
l2tp
l2tp: remove skb_dst_set() from l2tp_xmit_skb()
2020-07-22 09:32:47 +02:00
l3mdev
lapb
net: lapb: Copy the skb before sending a packet
2021-02-10 09:25:28 +01:00
llc
net: llc: fix skb_over_panic
2021-08-04 12:27:39 +02:00
mac80211
mac80211: remove iwlwifi specific workaround NDPs of null_response
2021-07-14 16:53:32 +02:00
mac802154
net: mac802154: Fix general protection fault
2021-04-14 08:24:18 +02:00
mpls
net: avoid infinite loop in mpls_gso_segment when mpls_hlen == 0
2021-03-17 17:03:31 +01:00
ncsi
net/ncsi: Avoid channel_monitor hrtimer deadlock
2021-04-14 08:24:15 +02:00
netfilter
netfilter: nft_nat: allow to specify layer 4 protocol NAT only
2021-08-04 12:27:38 +02:00
netlabel
netlabel: Fix memory leak in netlbl_mgmt_add_common
2021-07-14 16:53:29 +02:00
netlink
netlink: disable IRQs for netlink_lock_table()
2021-06-16 11:59:34 +02:00
netrom
netrom: Decrease sock refcount when sock timers expire
2021-07-28 13:30:56 +02:00
nfc
net/nfc/rawsock.c: fix a permission check bug
2021-06-16 11:59:33 +02:00
nsh
openvswitch
openvswitch: meter: fix race when getting now_ms.
2021-06-03 08:59:13 +02:00
packet
net/packet: annotate accesses to po->ifindex
2021-06-30 08:47:48 -04:00
phonet
net: use skb_queue_empty_lockless() in poll() handlers
2019-10-28 13:33:41 -07:00
psample
net: psample: fix skb_over_panic
2019-12-04 22:30:54 +01:00
qrtr
net: qrtr: fix OOB Read in qrtr_endpoint_post
2021-06-23 14:41:25 +02:00
rds
net: rds: fix memory leak in rds_recvmsg
2021-06-23 14:41:24 +02:00
rfkill
rfkill: Fix use-after-free in rfkill_resume()
2020-11-24 13:29:05 +01:00
rose
rose: Fix Null pointer dereference in rose_send_frame()
2020-12-08 10:40:23 +01:00
rxrpc
rxrpc: Fix clearance of Tx/Rx ring when releasing a call
2021-02-17 10:35:18 +01:00
sched
net_sched: check error pointer in tcf_dump_walker()
2021-08-04 12:27:37 +02:00
sctp
sctp: fix return value check in __sctp_rcv_asconf_lookup
2021-08-04 12:27:40 +02:00
smc
Revert "net/smc: fix a NULL pointer dereference"
2021-06-03 08:59:08 +02:00
strparser
sunrpc
SUNRPC: Should wake up the privileged task firstly.
2021-07-14 16:53:05 +02:00
switchdev
net: switchdev: don't set port_obj_info->handled true when -EOPNOTSUPP
2021-02-07 15:35:46 +01:00
tipc
tipc: fix sleeping in tipc accept routine
2021-08-04 12:27:39 +02:00
tls
tls: prevent oversized sendfile() hangs by ignoring MSG_MORE
2021-07-14 16:53:31 +02:00
unix
af_unix: fix garbage collect vs MSG_PEEK
2021-07-31 08:19:37 +02:00
vmw_vsock
vsock: notify server to shutdown when client has pending signal
2021-07-19 08:53:12 +02:00
wimax
wimax: no need to check return value of debugfs_create functions
2019-08-10 15:25:47 -07:00
wireless
cfg80211: Fix possible memory leak in function cfg80211_bss_update
2021-08-04 12:27:38 +02:00
x25
net/x25: Return the correct errno code
2021-06-18 09:59:00 +02:00
xdp
xsk: Simplify detection of empty and full rings
2021-05-22 11:38:27 +02:00
xfrm
xfrm: Fix error reporting in xfrm_state_construct.
2021-07-19 08:53:11 +02:00
compat.c
net: Return the correct errno code
2021-06-18 09:59:00 +02:00
Kconfig
net: Fix CONFIG_NET_CLS_ACT=n and CONFIG_NFT_FWD_NETDEV={y, m} build
2020-04-01 11:02:18 +02:00
Makefile
socket.c
net: make get_net_ns return error if NET_NS is disabled
2021-06-23 14:41:25 +02:00
sysctl_net.c