diff for duplicates of <20210315115058.GA4296@linux.home> diff --git a/a/1.txt b/N1/1.txt index 78b024b..7fe4187 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -3,7 +3,7 @@ On Thu, Mar 11, 2021 at 08:34:44PM +0800, lyl2019@mail.ustc.edu.cn wrote: > > In ppp_unregister_channel, pch could be freed in ppp_unbridge_channels() > but after that pch is still in use. Inside the function ppp_unbridge_channels, -> if "pchbb = pch" is true and then pch will be freed. +> if "pchbb == pch" is true and then pch will be freed. No. It's freed only if if the refcount drops to 0. And the caller of ppp_unregister_channel() must hold its own refcount. So diff --git a/a/content_digest b/N1/content_digest index c084c37..6dafc64 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,7 +1,7 @@ "ref\06057386d.ca12.1782148389e.Coremail.lyl2019@mail.ustc.edu.cn\0" "From\0Guillaume Nault <gnault@redhat.com>\0" "Subject\0Re: [BUG] net/ppp: A use after free in ppp_unregister_channe\0" - "Date\0Mon, 15 Mar 2021 11:50:58 +0000\0" + "Date\0Mon, 15 Mar 2021 12:50:58 +0100\0" "To\0lyl2019@mail.ustc.edu.cn\0" "Cc\0paulus@samba.org" davem@davemloft.net @@ -16,7 +16,7 @@ "> \n" "> In ppp_unregister_channel, pch could be freed in ppp_unbridge_channels()\n" "> but after that pch is still in use. Inside the function ppp_unbridge_channels,\n" - "> if \"pchbb = pch\" is true and then pch will be freed.\n" + "> if \"pchbb == pch\" is true and then pch will be freed.\n" "\n" "No. It's freed only if if the refcount drops to 0. And the caller of\n" "ppp_unregister_channel() must hold its own refcount. So\n" @@ -32,4 +32,4 @@ "\n" There's no patch to send as far as I can see. -66f324a917ab492e5335c35a6717dfa610c91c6fd6432e482e7c27e52be549a6 +98455d021528c6bc56f940e57a98a9cfa6b11b2e32bb1bdbf602a654157b064c
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.