Re: [PATCH v1] can: j1939: j1939_session_deactivate(): clarify lifetime of session object

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 14.07.2021 13:16:02, Oleksij Rempel wrote:
> The j1939_session_deactivate() is decrementing the session ref-count and
> potentially can free() the session. This would cause use-after-free
> situation.
> 
> However, the code calling j1939_session_deactivate() does always hold
> another reference to the session, so that it would not be free()ed in
> this code path.
> 
> This patch adds a comment to make this clear and a WARN_ON, to ensure
> that future changes will not violate this requirement. Further this
> patch avoids dereferencing the session pointer as a precaution to avoid
> use-after-free if the session is actually free()ed.
> 
> Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol")
> Reported-by: Xiaochen Zou <xzou017@xxxxxxx>
> Signed-off-by: Oleksij Rempel <o.rempel@xxxxxxxxxxxxxx>

Added to linux-can/testing

regards,
Marc
-- 
Pengutronix e.K.                 | Marc Kleine-Budde           |
Embedded Linux                   | https://www.pengutronix.de  |
Vertretung West/Dortmund         | Phone: +49-231-2826-924     |
Amtsgericht Hildesheim, HRA 2686 | Fax:   +49-5121-206917-5555 |

Attachment: signature.asc
Description: PGP signature

[Index of Archives]     [Automotive Discussions]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]     [CAN Bus]

  Powered by Linux