projects / platform / kernel / linux-rpi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a8ba53d)
macsec: fix use-after-free of skb during RX
authorAndreas Steinmetz <ast@domdv.de>
Sun, 30 Jun 2019 20:46:42 +0000 (22:46 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 28 Jul 2019 06:29:26 +0000 (08:29 +0200)
[ Upstream commit 095c02da80a41cf6d311c504d8955d6d1c2add10 ]

Fix use-after-free of skb when rx_handler returns RX_HANDLER_PASS.

Signed-off-by: Andreas Steinmetz <ast@domdv.de>
Acked-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/net/macsec.c patch | blob | history

diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index 7de88b3..7a2dae9 100644 (file)
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -1103,10 +1103,9 @@ static rx_handler_result_t macsec_handle_frame(struct sk_buff **pskb)
        }
 
        skb = skb_unshare(skb, GFP_ATOMIC);
-       if (!skb) {
-               *pskb = NULL;
+       *pskb = skb;
+       if (!skb)
                return RX_HANDLER_CONSUMED;
-       }
 
        pulled_sci = pskb_may_pull(skb, macsec_extra_len(true));
        if (!pulled_sci) {
Domain: System / Kernel;