netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [patch 2/2] dcb: use after free in dcb_flushapp()
@ 2011-01-05  7:03 Dan Carpenter
  2011-01-06 19:17 ` David Miller
  0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2011-01-05  7:03 UTC (permalink / raw)
  To: netdev; +Cc: John Fastabend, Shmulik Ravid, kernel-janitors, David S. Miller

The original code has a use after free bug because it's not using the
_safe() version of the list_for_each_entry() macro.

Signed-off-by: Dan Carpenter <error27@gmail.com>

diff --git a/net/dcb/dcbnl.c b/net/dcb/dcbnl.c
index 8881cb5..11bf6a2 100644
--- a/net/dcb/dcbnl.c
+++ b/net/dcb/dcbnl.c
@@ -1650,9 +1650,10 @@ EXPORT_SYMBOL(dcb_setapp);
 static void dcb_flushapp(void)
 {
 	struct dcb_app_type *app;
+	struct dcb_app_type *tmp;
 
 	spin_lock(&dcb_lock);
-	list_for_each_entry(app, &dcb_app_list, list) {
+	list_for_each_entry_safe(app, tmp, &dcb_app_list, list) {
 		list_del(&app->list);
 		kfree(app);
 	}

^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [patch 2/2] dcb: use after free in dcb_flushapp()
  2011-01-05  7:03 [patch 2/2] dcb: use after free in dcb_flushapp() Dan Carpenter
@ 2011-01-06 19:17 ` David Miller
  0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2011-01-06 19:17 UTC (permalink / raw)
  To: error27; +Cc: netdev, john.r.fastabend, shmulikr, kernel-janitors

From: Dan Carpenter <error27@gmail.com>
Date: Wed, 5 Jan 2011 10:03:44 +0300

> The original code has a use after free bug because it's not using the
> _safe() version of the list_for_each_entry() macro.
> 
> Signed-off-by: Dan Carpenter <error27@gmail.com>

Also applied.

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2011-01-06 19:16 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-01-05  7:03 [patch 2/2] dcb: use after free in dcb_flushapp() Dan Carpenter
2011-01-06 19:17 ` David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).