[patch 05/20] nfnetlink_log: fix use after free | KernelTrap

[patch 05/20] nfnetlink_log: fix use after free

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Greg KH

Subject: [patch 05/20] nfnetlink_log: fix use after free

Date: Friday, March 9, 2007 - 11:17 pm

-stable review patch.  If anyone has any objections, please let us know.

------------------
From: Patrick McHardy <kaber@trash.net>

[NETFILTER]: nfnetlink_log: fix use after free

Paranoia: instance_put() might have freed the inst pointer when we
spin_unlock_bh().

Signed-off-by: Michal Miroslaw <mirq-linux@rere.qmqm.pl>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 net/netfilter/nfnetlink_log.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -397,8 +397,8 @@ static void nfulnl_timer(unsigned long d
 	if (timer_pending(&inst->timer))	/* is it always true or false here? */
 		del_timer(&inst->timer);
 	__nfulnl_send(inst);
-	instance_put(inst);
 	spin_unlock_bh(&inst->lock);
+	instance_put(inst);
 }
 
 /* This is an inline function, we don't really care about a long

-- 
-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[patch 00/20] 2.6.20-stable review, Greg KH, (Fri Mar 9, 11:16 pm)

[patch 01/20] conntrack: fix {nf, ip}_ct_iterate_cleanup e ..., Greg KH, (Fri Mar 9, 11:16 pm)

[patch 02/20] nf_conntrack/nf_nat: fix incorrect config ifdefs, Greg KH, (Fri Mar 9, 11:16 pm)

[patch 03/20] tcp conntrack: accept SYN|URG as valid, Greg KH, (Fri Mar 9, 11:16 pm)

[patch 04/20] nfnetlink_log: fix reference leak, Greg KH, (Fri Mar 9, 11:17 pm)

[patch 05/20] nfnetlink_log: fix use after free, Greg KH, (Fri Mar 9, 11:17 pm)

[patch 06/20] nfnetlink_log: fix NULL pointer dereference, Greg KH, (Fri Mar 9, 11:17 pm)

[patch 07/20] nfnetlink_log: fix possible NULL pointer der ..., Greg KH, (Fri Mar 9, 11:17 pm)

[patch 08/20] ip6_route_me_harder should take into account ..., Greg KH, (Fri Mar 9, 11:17 pm)

[patch 09/20] nf_conntrack: fix incorrect classification o ..., Greg KH, (Fri Mar 9, 11:17 pm)

[patch 10/20] nfnetlink_log: zero-terminate prefix, Greg KH, (Fri Mar 9, 11:17 pm)

[patch 11/20] nfnetlink_log: fix crash on bridged packet, Greg KH, (Fri Mar 9, 11:17 pm)

[patch 12/20] nfnetlink_log: fix reference counting, Greg KH, (Fri Mar 9, 11:18 pm)

[patch 13/20] Fix bug 7994 sleeping function called from i ..., Greg KH, (Fri Mar 9, 11:18 pm)

[patch 14/20] bcm43xx: Fix problem with >1 GB RAM, Greg KH, (Fri Mar 9, 11:18 pm)

[patch 15/20] Fix compat_getsockopt, Greg KH, (Fri Mar 9, 11:18 pm)

[patch 16/20] fix for bugzilla #7544 (keyspan USB-to-seria ..., Greg KH, (Fri Mar 9, 11:18 pm)

[patch 17/20] Fix callback bug in connector, Greg KH, (Fri Mar 9, 11:18 pm)

[patch 18/20] Fix sparc64 device register probing, Greg KH, (Fri Mar 9, 11:18 pm)

[patch 19/20] Fix timewait jiffies, Greg KH, (Fri Mar 9, 11:18 pm)

[patch 20/20] Fix UDP header pointer after pskb_trim_rcsum(), Greg KH, (Fri Mar 9, 11:19 pm)

Re: [patch 00/20] 2.6.20-stable review, Greg KH, (Fri Mar 9, 11:23 pm)

Re: [stable] [patch 12/20] nfnetlink_log: fix reference co ..., Greg KH, (Sat Mar 10, 2:14 am)

Re: [patch 00/20] 2.6.20-stable review, Chuck Ebbert, (Sat Mar 10, 2:43 pm)

Re: [patch 00/20] 2.6.20-stable review, Greg KH, (Sat Mar 10, 2:49 pm)

Re: [stable] [patch 12/20] nfnetlink_log: fix reference co ..., Patrick McHardy, (Tue Mar 13, 8:45 am)

Navigation

Popular discussions


linux-kernel:
Greg KH	Og dreams of kernels
Jens Axboe	[PATCH 31/33] Fusion: sg chaining support
Arnd Bergmann	Re: finding your own dead "CONFIG_" variables