Re: [patch] isdn: gigaset: use after free

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Am 06.08.2010 10:21 schrieb Dan Carpenter:
> I moved the kfree(cb) below the dereferences.

Thanks for finding and fixing that bug.

> Signed-off-by: Dan Carpenter <error27@xxxxxxxxx>

Acked-by: Tilman Schmidt <tilman@xxxxxxx>

> diff --git a/drivers/isdn/gigaset/bas-gigaset.c b/drivers/isdn/gigaset/bas-gigaset.c
> index 0ded364..707d9c9 100644
> --- a/drivers/isdn/gigaset/bas-gigaset.c
> +++ b/drivers/isdn/gigaset/bas-gigaset.c
> @@ -1914,11 +1914,13 @@ static int gigaset_write_cmd(struct cardstate *cs, struct cmdbuf_t *cb)
>  	 * The next command will reopen the AT channel automatically.
>  	 */
>  	if (cb->len == 3 && !memcmp(cb->buf, "+++", 3)) {
> -		kfree(cb);
>  		rc = req_submit(cs->bcs, HD_CLOSE_ATCHANNEL, 0, BAS_TIMEOUT);
>  		if (cb->wake_tasklet)
>  			tasklet_schedule(cb->wake_tasklet);
> -		return rc < 0 ? rc : cb->len;
> +		if (!rc)
> +			rc = cb->len;
> +		kfree(cb);
> +		return rc;
>  	}
>  
>  	spin_lock_irqsave(&cs->cmdlock, flags);

-- 
Tilman Schmidt                    E-Mail: tilman@xxxxxxx
Bonn, Germany
Diese Nachricht besteht zu 100% aus wiederverwerteten Bits.
Ungeöffnet mindestens haltbar bis: (siehe Rückseite)

Attachment: signature.asc
Description: OpenPGP digital signature

[Index of Archives]     [Kernel Development]     [Kernel Announce]     [Kernel Newbies]     [Linux Networking Development]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Device Mapper]

  Powered by Linux