af_packet: avoid erroring out after sock_init_data() in packet_create() - kernel

diff options

author	Ignat Korchagin <[email protected]>	2024-10-14 15:38:00 +0000
committer	Jakub Kicinski <[email protected]>	2024-10-16 01:43:07 +0000
commit	46f2a11cb82b657fd15bab1c47821b635e03838b (patch)
tree	c672257cfcad494edf338ce282f75958e35d672d /net/bluetooth/l2cap_sock.c
parent	net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (diff)
download	kernel-46f2a11cb82b657fd15bab1c47821b635e03838b.tar.gz kernel-46f2a11cb82b657fd15bab1c47821b635e03838b.zip

af_packet: avoid erroring out after sock_init_data() in packet_create()

After sock_init_data() the allocated sk object is attached to the provided sock object. On error, packet_create() frees the sk object leaving the dangling pointer in the sock object on return. Some other code may try to use this pointer and cause use-after-free. Suggested-by: Eric Dumazet <[email protected]> Signed-off-by: Ignat Korchagin <[email protected]> Reviewed-by: Kuniyuki Iwashima <[email protected]> Reviewed-by: Willem de Bruijn <[email protected]> Reviewed-by: Eric Dumazet <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Jakub Kicinski <[email protected]>

Diffstat (limited to 'net/bluetooth/l2cap_sock.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: