authorWANG Cong <xiyou.wangcong@gmail.com>2016-01-29 20:58:03 +0100
committerDavid S. Miller <davem@davemloft.net>2016-01-30 07:56:46 +0100
commit3d45296ab96c2ec8308226b3350a6d9e48379870 (patch)
tree1842eaaeb44e9d2ac1d485833d0d7e3029e3a51a
parentMerge branch 'arnd-net-driver-fixes' (diff)
irda: fix a potential use-after-free in ircomm_param_request
self->ctrl_skb is protected by self->spinlock, so we should not access it outside the lock. Move the debugging printk inside the locked region.

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Samuel Ortiz <samuel@sortiz.org>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/irda/ircomm/ircomm_param.c3
1 files changed, 1 insertions, 2 deletions
diff --git a/net/irda/ircomm/ircomm_param.c b/net/irda/ircomm/ircomm_param.c
index 3c4caa60c926..5728e76ca6d5 100644
--- a/net/irda/ircomm/ircomm_param.c
+++ b/net/irda/ircomm/ircomm_param.c
@@ -134,11 +134,10 @@ int ircomm_param_request(struct ircomm_tty_cb *self, __u8 pi, int flush)
return -1;
}
skb_put(skb, count);
+ pr_debug("%s(), skb->len=%d\n", __func__, skb->len);
spin_unlock_irqrestore(&self->spinlock, flags);
- pr_debug("%s(), skb->len=%d\n", __func__ , skb->len);
-
if (flush) {
/* ircomm_tty_do_softint will take care of the rest */
schedule_work(&self->tqueue);
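Review bot: Nothing at the moved `pr_debug()` records why it has to sit before `spin_unlock_irqrestore()`, so a later cleanup could move the debug line back out and reintroduce the use-after-free. Going by the commit message, `skb` here is `self->ctrl_skb`, which may be freed by another context once the lock is dropped; the assignment itself is outside this hunk. I would add a comment above the print such as `/* skb is self->ctrl_skb: only dereference it while holding self->spinlock */`. As a smaller point, `skb->len` is unsigned, so `%u` would match it better than `%d`. The body of `ircomm_param_request` starts and ends outside the hunk, so it is worth confirming that no later statement reads `skb` after the unlock.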