Re: [PATCH net-next v3 4/9] net: af_can: do not leave a dangling sk pointer in can_create()

From: Marc Kleine-Budde
Date: Tue Oct 15 2024 - 02:22:25 EST

Next message: Yijie Yang: "Re: [PATCH 3/3] dt-bindings: net: qcom,ethqos: add description for qcs8300"
Previous message: Huacai Chen: "Re: [PATCH 1/4] LoongArch: Don't crash in stack_top() for tasks without vDSO"
In reply to: Kuniyuki Iwashima: "Re: [PATCH net-next v3 4/9] net: af_can: do not leave a dangling sk pointer in can_create()"
Next in thread: Ignat Korchagin: "[PATCH net-next v3 2/9] Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 14.10.2024 16:38:03, Ignat Korchagin wrote:
> On error can_create() frees the allocated sk object, but sock_init_data()
> has already attached it to the provided sock object. This will leave a
> dangling sk pointer in the sock object and may cause use-after-free later.
>
> Signed-off-by: Ignat Korchagin <ignat@xxxxxxxxxxxxxx>
> Reviewed-by: Vincent Mailhol <mailhol.vincent@xxxxxxxxxx>

Reviewed-by: Marc Kleine-Budde <mkl@xxxxxxxxxxxxxx>

regards,
Marc

--
Pengutronix e.K. | Marc Kleine-Budde |
Embedded Linux | https://www.pengutronix.de |
Vertretung Nürnberg | Phone: +49-5121-206917-129 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-9 |

Attachment: signature.asc
Description: PGP signature

Next message: Yijie Yang: "Re: [PATCH 3/3] dt-bindings: net: qcom,ethqos: add description for qcs8300"
Previous message: Huacai Chen: "Re: [PATCH 1/4] LoongArch: Don't crash in stack_top() for tasks without vDSO"
In reply to: Kuniyuki Iwashima: "Re: [PATCH net-next v3 4/9] net: af_can: do not leave a dangling sk pointer in can_create()"
Next in thread: Ignat Korchagin: "[PATCH net-next v3 2/9] Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]