Re: [PATCH] use-after-free while iterating session->conn_list (two places)

On Wed, 3 May 2017 16:35:45 +0000
Anton Kovalenko <Anton.Kovalenko@xxxxxxxxxxx> wrote:

> The problem (accessing session->conn_list after freeing session) was discovered using valgrind.
> 
> Note that while list_for_each_entry_safe is safe against current list element destruction, 
> it is UNSAFE against the traversed list_head (third argument) becoming invalid during iteration.
> That's exactly what happens when the last connection of a session goes away (conn_exit -> session_put -> use-after-free).

Great catch, applied both. Any other places like this?

Thanks a lot!
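
The failure mode described in the quoted report, as an added example that is not part of the original thread and not the applied patch: closing the last connection drops the final session reference, so the loop's next read of the list head touches freed memory. The names `conn_exit`, `session_put` and `conn_list` come from the report; the struct layouts, `session_get`, `session_create`, `session_close_all` and the fix shown (pinning the session with an extra reference while iterating) are assumptions for illustration.

```c
#include <stddef.h>
#include <stdlib.h>

/* Constructed stand-ins for the list and session types (not tgt's own code). */
struct list_head { struct list_head *next, *prev; };
#define container_of(p, T, m) ((T *)((char *)(p) - offsetof(T, m)))
struct session { int refcount; struct list_head conn_list; };
struct conn { struct session *session; struct list_head clist; };
static int sessions_freed; /* counts frees so the outcome is observable */

static void session_get(struct session *s) { s->refcount++; }
static void session_put(struct session *s) {
    if (--s->refcount == 0) { free(s); sessions_freed++; }
}

/* Each connection holds one session reference; dropping the last frees the session. */
static void conn_exit(struct conn *c) {
    struct session *s = c->session;
    c->clist.prev->next = c->clist.next;
    c->clist.next->prev = c->clist.prev;
    free(c);
    session_put(s);
}

/* Build a session with nconn connections linked on conn_list (hypothetical helper). */
static struct session *session_create(int nconn) {
    struct session *s = calloc(1, sizeof(*s));
    s->conn_list.next = s->conn_list.prev = &s->conn_list;
    for (int i = 0; i < nconn; i++) {
        struct conn *c = calloc(1, sizeof(*c));
        c->session = s;
        c->clist.prev = s->conn_list.prev;
        c->clist.next = &s->conn_list;
        s->conn_list.prev->next = &c->clist;
        s->conn_list.prev = &c->clist;
        session_get(s);
    }
    return s;
}

/* Open-coded "safe" iteration. Without the session_get/session_put pair, the last
 * conn_exit() frees s, and the step "n = pos->next" with pos == &s->conn_list
 * reads freed memory: saving the next element does not protect the list head. */
static int session_close_all(struct session *s) {
    struct list_head *pos, *n;
    int closed = 0;
    session_get(s); /* pin the head for the whole traversal */
    for (pos = s->conn_list.next, n = pos->next; pos != &s->conn_list; pos = n, n = pos->next) {
        conn_exit(container_of(pos, struct conn, clist));
        closed++;
    }
    session_put(s); /* the session may be freed here, after the loop is done with it */
    return closed;
}
```

The caller must not touch the session after `session_close_all` returns, since the final `session_put` may have freed it.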