linux/net/rose
Hyunwoo Kim 810c38a369 net/rose: Fix Use-After-Free in rose_ioctl
Because rose_ioctl() accesses sk->sk_receive_queue
without holding a sk->sk_receive_queue.lock, it can
cause a race with rose_accept().
A use-after-free for skb occurs with the following flow.
```
rose_ioctl() -> skb_peek()
rose_accept() -> skb_dequeue() -> kfree_skb()
```
Add sk->sk_receive_queue.lock to rose_ioctl() to fix this issue.

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Hyunwoo Kim <v4bel@theori.io>
Link: https://lore.kernel.org/r/20231209100538.GA407321@v4bel-B760M-AORUS-ELITE-AX
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2023-12-12 13:24:58 +01:00

| File | Last commit | Date |
| --- | --- | --- |
| af_rose.c | net/rose: Fix Use-After-Free in rose_ioctl | 2023-12-12 13:24:58 +01:00 |
| Makefile | treewide: Add SPDX license identifier - Makefile/Kconfig | 2019-05-21 10:50:46 +02:00 |
| rose_dev.c | rose: constify dev_addr passing | 2021-10-13 09:40:45 -07:00 |
| rose_in.c | net: Don't include filter.h from net/sock.h | 2021-12-29 08:48:14 -08:00 |
| rose_link.c | rose: Fix NULL pointer dereference in rose_send_frame() | 2022-11-02 11:57:30 +00:00 |
| rose_loopback.c | rose: check NULL rose_loopback_neigh->loopback | 2022-08-22 14:24:54 +01:00 |
| rose_out.c | treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 | 2019-05-30 11:26:32 -07:00 |
| rose_route.c | net: rose: fix netdev reference changes | 2022-08-01 11:59:23 -07:00 |
| rose_subr.c | treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 | 2019-05-30 11:26:32 -07:00 |
| rose_timer.c | net: rose: fix UAF bugs caused by timer handler | 2022-06-30 11:07:30 +02:00 |
| sysctl_net_rose.c | treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 | 2019-05-30 11:26:32 -07:00 |