From: Vegard Nossum <vegard.nossum@xxxxxxxxxx>
Date: Fri, 12 Aug 2016 10:29:13 +0200

> If iriap_register_lsap() fails to allocate memory, self->lsap is
> set to NULL. However, none of the callers handle the failure and
> irlmp_connect_request() will happily dereference it:
 ...
> The bug seems to have been around since forever.
>
> There's more problems with missing error checks in iriap_init() (and
> indeed all of irda_init()), but that's a bigger problem that needs
> very careful review and testing. This patch will fix the most serious
> bug (as it's easily reached from unprivileged userspace).
>
> I have tested my patch with a reproducer.
>
> Signed-off-by: Vegard Nossum <vegard.nossum@xxxxxxxxxx>

Applied.
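The failure mode described in the quoted commit message, as an added userspace model (not the kernel's IrDA code and not the applied patch): an open routine that stores a failed allocation in a struct field and returns the object anyway, next to a version that unwinds and reports the error. All names and the `fail_after` fault-injection counter are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model; every name here is hypothetical, not kernel code. */
static int fail_after = -1;     /* fault injection: -1 means never fail */

static void *test_alloc(size_t n)
{
    if (fail_after == 0)
        return NULL;            /* simulated out-of-memory */
    if (fail_after > 0)
        fail_after--;
    return calloc(1, n);
}

struct lsap { int slsap_sel; };
struct session { struct lsap *lsap; };

/* "Before": a failed LSAP allocation is stored and the session returned. */
static struct session *session_open_unchecked(void)
{
    struct session *s = test_alloc(sizeof(*s));
    if (s)
        s->lsap = test_alloc(sizeof(*s->lsap));
    return s;
}

/* Hardened: unwind on failure so no caller sees a half-built session. */
static struct session *session_open_checked(void)
{
    struct session *s = session_open_unchecked();
    if (s && !s->lsap) {
        free(s);
        s = NULL;
    }
    return s;
}

/* Consumer of s->lsap; guarded here so the model itself cannot crash. */
static int connect_request(const struct session *s)
{
    return (s && s->lsap) ? s->lsap->slsap_sel : -1;
}

int main(void)
{
    fail_after = 1;             /* session allocation OK, LSAP allocation fails */
    struct session *s = session_open_checked();
    printf("open: %s, connect: %d\n", s ? "session" : "NULL", connect_request(s));
    return 0;
}
```

Setting `fail_after` to the index of the allocation that should fail exercises each error path in turn, which is how the unchecked variant's half-initialised return value shows up without a real out-of-memory condition.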