Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / 3fda5d6e580193fa005014355b3a61498f1b3ae0
commit3fda5d6e580193fa005014355b3a61498f1b3ae0[log] [tgz]
authorStefan Hajnoczi <stefanha@redhat.com>Thu Aug 04 14:52:53 2016 +0100
committerMichael S. Tsirkin <mst@redhat.com>Tue Aug 09 13:42:37 2016 +0300
tree351ecd0bebf5e2e863ad233fe356cf54a08d9ce3
parent1b8553c04bf95180eb91be94f089a1e8b38cfd62 [diff]
vhost/vsock: fix vhost virtio_vsock_pkt use-after-free

Stash the packet length in a local variable before handing over
ownership of the packet to virtio_transport_recv_pkt() or
virtio_transport_free_pkt().

This patch solves the use-after-free since pkt is no longer guaranteed
to be alive.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
1 file changed
tree: 351ecd0bebf5e2e863ad233fe356cf54a08d9ce3
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitignore
  26. .mailmap
  27. COPYING
  28. CREDITS
  29. Kbuild
  30. Kconfig
  31. MAINTAINERS
  32. Makefile
  33. README
  34. REPORTING-BUGS