On Fri, 25 Sep 2009 14:25:24 -0600 Jeff Hansen <x@xxxxxxxxxxxxxx> wrote:

> There is a potential double-kfree in net/bridge/br_if.c. If br_fdb_insert
> fails, then the kobject is put back (which calls kfree due to the kobject
> release), and then kfree is called again on the net_bridge_port. This
> patch fixes the crash.
>
> Signed-off-by: Jeff Hansen <x@xxxxxxxxxxxxxx>
> ---
> net/bridge/br_if.c | 6 ++++--
> 1 files changed, 4 insertions(+), 2 deletions(-)

There is a one line fix.

--- a/net/bridge/br_if.c 2009-09-25 14:38:05.980554686 -0700 +++ b/net/bridge/br_if.c 2009-09-25 14:38:38.788556111 -0700 @@ -432,6 +432,7 @@ err2: br_fdb_delete_by_port(br, p, 1); err1: kobject_put(&p->kobj); + p = NULL; /* kobject_put frees */ err0: dev_set_promiscuity(dev, -1); put_back:
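Review bot: the `p = NULL;` added under `err1:` only prevents the double free if the later `kfree()` of the port is reached with that same `p` and nothing on the way dereferences it, and that `kfree()` is outside the context shown here (the hunk ends at `put_back:`), so the fix cannot be checked from these lines alone. Please extend the context or say in the changelog that the tail of the function does `kfree(p)`, which is a no-op for NULL, and that paths jumping straight to `err0:` still free a live `p`. The comment would also read better if it said what is freed, for example that `kobject_put()` drops the last reference and the kobject release frees `p`, since `err2:` falls through to the same code and a reader adding a new error label between `err1:` and `err0:` needs to know `p` is already gone. The posting also carries no Signed-off-by or description of its own, so it cannot be applied as it stands.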