proxmox-mirrors/mirror_ubuntu-kernels
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_ubuntu-kernels.git synced 2025-12-10 07:20:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
e0cd06f7fc
mirror_ubuntu-kernels/net/appletalk
History
Hyunwoo Kim 189ff16722 appletalk: Fix Use-After-Free in atalk_ioctl 
Because atalk_ioctl() accesses sk->sk_receive_queue
without holding a sk->sk_receive_queue.lock, it can
cause a race with atalk_recvmsg().
A use-after-free for skb occurs with the following flow.
```
atalk_ioctl() -> skb_peek()
atalk_recvmsg() -> skb_recv_datagram() -> skb_free_datagram()
```
Add sk->sk_receive_queue.lock to atalk_ioctl() to fix this issue.

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Hyunwoo Kim <v4bel@theori.io>
Link: https://lore.kernel.org/r/20231213041056.GA519680@v4bel-B760M-AORUS-ELITE-AX
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2023-12-14 12:02:45 +01:00
..
aarp.c net: implement lockless SO_PRIORITY 2023-10-01 19:09:54 +01:00
atalk_proc.c appletalk: Fix atalk_proc_init() return path 2020-08-03 15:48:32 -07:00
ddp.c appletalk: Fix Use-After-Free in atalk_ioctl 2023-12-14 12:02:45 +01:00
dev.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Kconfig appletalk: remove ipddp driver 2023-10-10 17:49:00 -07:00
Makefile treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
sysctl_net_atalk.c appletalk: Fix use-after-free in atalk_proc_exit 2019-03-03 13:01:49 -08:00