Norbert Slusarek 2b17c400ae can: isotp: prevent race between isotp_bind() and isotp_setsockopt() ... A race condition was found in isotp_setsockopt() which allows to change socket options after the socket was bound. For the specific case of SF_BROADCAST support, this might lead to possible use-after-free because can_rx_unregister() is not called. Checking for the flag under the socket lock in isotp_bind() and taking the lock in isotp_setsockopt() fixes the issue. Fixes: 921ca574cd ("can: isotp: add SF_BROADCAST support for functional addressing") Link: https://lore.kernel.org/r/trinity-e6ae9efa-9afb-4326-84c0-f3609b9b8168-1620773528307@3c-app-gmx-bs06 Reported-by: Norbert Slusarek <nslusarek@gmx.net> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Signed-off-by: Norbert Slusarek <nslusarek@gmx.net> Acked-by: Oliver Hartkopp <socketcan@hartkopp.net> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>		2021-05-12 08:52:47 +02:00
..
j1939	net: introduce CAN specific pointer in the struct net_device	2021-02-24 14:32:15 -08:00
af_can.c	net: introduce CAN specific pointer in the struct net_device	2021-02-24 14:32:15 -08:00
af_can.h	can: introduce CAN midlayer private and allocate it automatically	2019-09-04 13:29:14 +02:00
bcm.c	can: bcm/raw: fix msg_namelen values depending on CAN_REQUIRED_SIZE	2021-03-29 09:51:20 +02:00
gw.c	can: gw: fix typo	2021-01-27 10:01:46 +01:00
isotp.c	can: isotp: prevent race between isotp_bind() and isotp_setsockopt()	2021-05-12 08:52:47 +02:00
Kconfig	net: remove redundant 'depends on NET'	2021-01-27 17:04:12 -08:00
Makefile	can: add ISO 15765-2:2016 transport protocol	2020-10-07 23:18:33 +02:00
proc.c	can: proc: fix rcvlist_* header alignment on 64-bit system	2021-04-25 19:43:00 +02:00
raw.c	can: bcm/raw: fix msg_namelen values depending on CAN_REQUIRED_SIZE	2021-03-29 09:51:20 +02:00