diff options
author | Stefan Hajnoczi <stefanha@redhat.com> | 2016-08-04 15:52:53 +0200 |
---|---|---|
committer | Michael S. Tsirkin <mst@redhat.com> | 2016-08-09 12:42:37 +0200 |
commit | 3fda5d6e580193fa005014355b3a61498f1b3ae0 (patch) | |
tree | 351ecd0bebf5e2e863ad233fe356cf54a08d9ce3 /drivers/acpi/cm_sbs.c | |
parent | 9p/trans_virtio: use kvfree() for iov_iter_get_pages_alloc() (diff) | |
download | linux-3fda5d6e580193fa005014355b3a61498f1b3ae0.tar.xz linux-3fda5d6e580193fa005014355b3a61498f1b3ae0.zip |
vhost/vsock: fix vhost virtio_vsock_pkt use-after-free
Stash the packet length in a local variable before handing over
ownership of the packet to virtio_transport_recv_pkt() or
virtio_transport_free_pkt().
This patch solves the use-after-free since pkt is no longer guaranteed
to be alive.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Diffstat (limited to 'drivers/acpi/cm_sbs.c')
0 files changed, 0 insertions, 0 deletions