Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-12-29 09:16:33 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux-5.15.y
linux-stable/net/packet
History
Ignat Korchagin 132e615bb1 af_packet: avoid erroring out after sock_init_data() in packet_create() 
[ Upstream commit 46f2a11cb8 ]

After sock_init_data() the allocated sk object is attached to the provided
sock object. On error, packet_create() frees the sk object leaving the
dangling pointer in the sock object on return. Some other code may try
to use this pointer and cause use-after-free.

Suggested-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Ignat Korchagin <ignat@cloudflare.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Willem de Bruijn <willemb@google.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20241014153808.51894-2-ignat@cloudflare.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-12-14 19:51:37 +01:00
..
af_packet.c af_packet: avoid erroring out after sock_init_data() in packet_create() 2024-12-14 19:51:37 +01:00
diag.c af_packet: Fix data-races of pkt_sk(sk)->num. 2023-06-09 10:32:16 +02:00
internal.h packet: Move reference count in packet_sock to atomic_long_t 2023-12-13 18:36:43 +01:00
Kconfig treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
Makefile treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00