Re: [PATCH net-next v3 1/9] af_packet: avoid erroring out after sock_init_data() in packet_create()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, Oct 14, 2024 at 5:38 PM Ignat Korchagin <ignat@xxxxxxxxxxxxxx> wrote:
>
> After sock_init_data() the allocated sk object is attached to the provided
> sock object. On error, packet_create() frees the sk object leaving the
> dangling pointer in the sock object on return. Some other code may try
> to use this pointer and cause use-after-free.
>
> Suggested-by: Eric Dumazet <edumazet@xxxxxxxxxx>
> Signed-off-by: Ignat Korchagin <ignat@xxxxxxxxxxxxxx>
> ---

Reviewed-by: Eric Dumazet <edumazet@xxxxxxxxxx>

Thanks.
[Index of Archives]     [Bluez Devel]     [Linux Wireless Networking]     [Linux Wireless Personal Area Networking]     [Linux ATH6KL]     [Linux USB Devel]     [Linux Media Drivers]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Big List of Linux Books]

  Powered by Linux