[PATCH 4.9 142/223] macsec: fix use-after-free of skb during RX

From: Greg Kroah-Hartman
Date: Fri Aug 02 2019 - 05:46:24 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.9 144/223] netrom: fix a memory leak in nr_rx_frame()"
Previous message: Greg Kroah-Hartman: "[PATCH 4.9 141/223] vrf: make sure skb->data contains ip header to make routing"
In reply to: Greg Kroah-Hartman: "[PATCH 4.9 141/223] vrf: make sure skb->data contains ip header to make routing"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.9 144/223] netrom: fix a memory leak in nr_rx_frame()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Andreas Steinmetz <ast@xxxxxxxx>

[ Upstream commit 095c02da80a41cf6d311c504d8955d6d1c2add10 ]

Fix use-after-free of skb when rx_handler returns RX_HANDLER_PASS.

Signed-off-by: Andreas Steinmetz <ast@xxxxxxxx>
Acked-by: Willem de Bruijn <willemb@xxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/net/macsec.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -1105,10 +1105,9 @@ static rx_handler_result_t macsec_handle
}

skb = skb_unshare(skb, GFP_ATOMIC);
- if (!skb) {
- *pskb = NULL;
+ *pskb = skb;
+ if (!skb)
return RX_HANDLER_CONSUMED;
- }

pulled_sci = pskb_may_pull(skb, macsec_extra_len(true));
if (!pulled_sci) {

Next message: Greg Kroah-Hartman: "[PATCH 4.9 144/223] netrom: fix a memory leak in nr_rx_frame()"
Previous message: Greg Kroah-Hartman: "[PATCH 4.9 141/223] vrf: make sure skb->data contains ip header to make routing"
In reply to: Greg Kroah-Hartman: "[PATCH 4.9 141/223] vrf: make sure skb->data contains ip header to make routing"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.9 144/223] netrom: fix a memory leak in nr_rx_frame()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]