korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-12-14 22:44:27 +08:00
Code Issues Packages Projects Releases Wiki Activity
1c20c89b04
linux/drivers/usb
History
Chandana Kishori Chiluveru 1c20c89b04 usb: gadget: composite: Fix possible double free memory bug 
composite_dev_cleanup call from the failure of configfs_composite_bind
frees up the cdev->os_desc_req and cdev->req. If the previous calls of
bind and unbind is successful these will carry stale values.

Consider the below sequence of function calls:
configfs_composite_bind()
        composite_dev_prepare()
                - Allocate cdev->req, cdev->req->buf
        composite_os_desc_req_prepare()
                - Allocate cdev->os_desc_req, cdev->os_desc_req->buf
configfs_composite_unbind()
        composite_dev_cleanup()
                - free the cdev->os_desc_req->buf and cdev->req->buf
Next composition switch
configfs_composite_bind()
        - If it fails goto err_comp_cleanup will call the
	  composite_dev_cleanup() function
        composite_dev_cleanup()
	        - calls kfree up with the stale values of cdev->req->buf and
		  cdev->os_desc_req from the previous configfs_composite_bind
		  call. The free call on these stale values leads to double free.

Hence, Fix this issue by setting request and buffer pointer to NULL after
kfree.

Signed-off-by: Chandana Kishori Chiluveru <cchiluve@codeaurora.org>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
2019-10-27 08:58:45 +02:00
..
atm USB: atm: cxacru: convert to use dev_groups 2019-08-09 07:55:45 +02:00
c67x00 USB: add SPDX identifiers to all remaining Makefiles 2017-11-07 15:53:48 +01:00
cdns3 usb: cdns3: include host-export,h for cdns3_host_init 2019-10-27 08:58:44 +02:00
chipidea Add role switch class support for chipidea 2019-09-05 10:02:07 +02:00
class USB: usblp: fix use-after-free on disconnect 2019-10-15 20:19:19 +02:00
common usb: common: add USB GPIO based connection detection driver 2019-09-03 19:01:04 +02:00
core LED updates for 5.4-rc1 2019-09-17 18:40:42 -07:00
dwc2 USB: Changes for v5.4 merge window 2019-09-02 19:20:57 +02:00
dwc3 usb: dwc3: select CONFIG_REGMAP_MMIO 2019-10-27 08:58:44 +02:00
early drivers: Remove explicit invocations of mmiowb() 2019-04-08 12:01:02 +01:00
gadget usb: gadget: composite: Fix possible double free memory bug 2019-10-27 08:58:45 +02:00
host xhci-ext-caps.c: Add missing platform_device_put() on error in xhci_create_intel_xhci_sw_pdev() 2019-10-04 14:37:53 +02:00
image USB: microtek: fix info-leak at probe 2019-10-04 11:02:58 +02:00
isp1760 usb: add a HCD_DMA flag instead of guestimating DMA capabilities 2019-08-21 10:03:35 -07:00
misc USB: ldusb: fix read info leaks 2019-10-18 11:56:22 -07:00
mon docs: usb: rename files to .rst and add them to drivers-api 2019-06-20 14:28:36 +02:00
mtu3 usb: mtu3: fix missing include of mtu3_dr.h 2019-10-27 08:58:44 +02:00
musb usb: add a HCD_DMA flag instead of guestimating DMA capabilities 2019-08-21 10:03:35 -07:00
phy USB: Changes for v5.4 merge window 2019-09-02 19:20:57 +02:00
renesas_usbhs usb: renesas_usbhs: fix type of buf 2019-10-27 08:58:44 +02:00
roles USB changes for 5.4-rc1 2019-09-18 10:33:46 -07:00
serial USB: serial: ti_usb_3410_5052: clean up serial data access 2019-10-16 10:29:23 +02:00
storage Modules updates for v5.4 2019-09-22 10:34:46 -07:00
typec usb: typec: ucsi: displayport: Fix for the mode entering routine 2019-10-04 13:51:26 +02:00
usbip usbip: vhci_hcd indicate failed message 2019-10-04 11:02:59 +02:00
Kconfig usb: common: create Kconfig file 2019-09-03 19:00:39 +02:00
Makefile USB: Changes for v5.4 merge window 2019-09-02 19:20:57 +02:00
usb-skeleton.c USB: usb-skeleton: drop redundant in-urb check 2019-10-10 12:41:19 +02:00