| Message ID | 20210713105853.8979-1-paskripkin@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | net: fddi: fix UAF in fza_probe | expand |
Hello: This patch was applied to netdev/net.git (refs/heads/master): On Tue, 13 Jul 2021 13:58:53 +0300 you wrote: > fp is netdev private data and it cannot be > used after free_netdev() call. Using fp after free_netdev() > can cause UAF bug. Fix it by moving free_netdev() after error message. > > Fixes: 61414f5ec983 ("FDDI: defza: Add support for DEC FDDIcontroller 700 > TURBOchannel adapter") > Signed-off-by: Pavel Skripkin <paskripkin@gmail.com> > > [...] Here is the summary with links: - net: fddi: fix UAF in fza_probe https://git.kernel.org/netdev/net/c/deb7178eb940 You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html
On Tue, 13 Jul 2021, Pavel Skripkin wrote: > fp is netdev private data and it cannot be > used after free_netdev() call. Using fp after free_netdev() > can cause UAF bug. Fix it by moving free_netdev() after error message. Can you justify the lines for a better layout? The paragraph looks odd to me in its current form. > Fixes: 61414f5ec983 ("FDDI: defza: Add support for DEC FDDIcontroller 700 > TURBOchannel adapter") > Signed-off-by: Pavel Skripkin <paskripkin@gmail.com> Otherwise LGTM. And a good catch, thank you! Reviewed-by: Maciej W. Rozycki <macro@orcam.me.uk> Maciej
diff --git a/drivers/net/fddi/defza.c b/drivers/net/fddi/defza.c index 14f07050b6b1..0de2c4552f5e 100644 --- a/drivers/net/fddi/defza.c +++ b/drivers/net/fddi/defza.c @@ -1504,9 +1504,8 @@ static int fza_probe(struct device *bdev) release_mem_region(start, len); err_out_kfree: - free_netdev(dev); - pr_err("%s: initialization failure, aborting!\n", fp->name); + free_netdev(dev); return ret; }
fp is netdev private data and it cannot be used after free_netdev() call. Using fp after free_netdev() can cause UAF bug. Fix it by moving free_netdev() after error message. Fixes: 61414f5ec983 ("FDDI: defza: Add support for DEC FDDIcontroller 700 TURBOchannel adapter") Signed-off-by: Pavel Skripkin <paskripkin@gmail.com> --- drivers/net/fddi/defza.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)