tipc: fix use-after-free in tipc_disc_rcv()

author Tuong Lien <tuong.t.lien@dektech.com.au>

Tue, 10 Dec 2019 08:21:05 +0000 (15:21 +0700)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Wed, 18 Jan 2023 10:42:06 +0000 (11:42 +0100)
author Tuong Lien <tuong.t.lien@dektech.com.au>
Tue, 10 Dec 2019 08:21:05 +0000 (15:21 +0700)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 18 Jan 2023 10:42:06 +0000 (11:42 +0100)
diff --git a/net/tipc/discover.c b/net/tipc/discover.c

index 61b80de934891ecea990eb80cde591765e9a2452..9c64567f8a7410c7beab5bcc51b41bc2e14c3d20 100644 (file)
--- a/net/tipc/discover.c
+++ b/net/tipc/discover.c
@@ -194,6 +194,7 @@ void tipc_disc_rcv(struct net *net, struct sk_buff *skb,
  {
         struct tipc_net *tn = tipc_net(net);
         struct tipc_msg *hdr = buf_msg(skb);
+       u32 pnet_hash = msg_peer_net_hash(hdr);
         u16 caps = msg_node_capabilities(hdr);
         bool legacy = tn->legacy_addr_format;
         u32 sugg = msg_sugg_node_addr(hdr);
@@ -245,9 +246,8 @@ void tipc_disc_rcv(struct net *net, struct sk_buff *skb,
                 return;
         if (!tipc_in_scope(legacy, b->domain, src))
                 return;
-       tipc_node_check_dest(net, src, peer_id, b, caps, signature,
-                            msg_peer_net_hash(hdr), &maddr, &respond,
-                            &dupl_addr);
+       tipc_node_check_dest(net, src, peer_id, b, caps, signature, pnet_hash,
+                            &maddr, &respond, &dupl_addr);
         if (dupl_addr)
                 disc_dupl_alert(b, src, &maddr);
         if (!respond)
author	Tuong Lien <tuong.t.lien@dektech.com.au>
	Tue, 10 Dec 2019 08:21:05 +0000 (15:21 +0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 18 Jan 2023 10:42:06 +0000 (11:42 +0100)