]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b57981f) | patch
vhost/vsock: fix vhost virtio_vsock_pkt use-after-free
authorStefan Hajnoczi <stefanha@redhat.com>
Thu, 4 Aug 2016 13:52:53 +0000 (14:52 +0100)
committerMichael S. Tsirkin <mst@redhat.com>
Tue, 9 Aug 2016 10:42:37 +0000 (13:42 +0300)
commit36383869a2bd7a7754863c07d3cbde0bd45d1902
tree351ecd0bebf5e2e863ad233fe356cf54a08d9ce3tree | snapshot
parentb57981f86c6410bbf31895fa5c39fa29fdffb466commit | diff
vhost/vsock: fix vhost virtio_vsock_pkt use-after-free

Stash the packet length in a local variable before handing over
ownership of the packet to virtio_transport_recv_pkt() or
virtio_transport_free_pkt().

This patch solves the use-after-free since pkt is no longer guaranteed
to be alive.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
drivers/vhost/vsock.c diff | blob | history
Linux Kernel Source Tree.