Re: [PATCH] fix use after free in netlink_kernel_create()
From: Andrew Morton
Date: Sun Aug 13 2006 - 13:41:54 EST
On Sun, 13 Aug 2006 13:52:58 +0200
Patrick McHardy <kaber@xxxxxxxxx> wrote:
> Akinobu Mita wrote:
> > This patch invalidates nl_table by setting NULL when netlink
> > initialization failed. Otherwise netlink_kernel_create() would
> > access nl_table which has already been freed.
> Quite a few users of netlink_kernel_create will panic when creating
> the socket fails (rtnetlink for example, which is always present),
> so you might as well call panic here directly.
That's a bit lame. Panicing at do_initcalls() time is OK (something is
seriously screwed anyway) but we usually try to handle the ENOMEM nicely if
it happens at modprobe-time.
(It's all pretty theoretical anyway - reasonable-sized GFP_KERNEL
allocations don't fail).
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/