From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Miller Subject: Re: [net-next 1/1] tipc: fix a potental access after delete in tipc_sk_join() Date: Mon, 15 Jan 2018 13:44:06 -0500 (EST) Message-ID: <20180115.134406.1797630492013260374.davem@davemloft.net> References: <1515614930-9257-1-git-send-email-jon.maloy@ericsson.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Cc: netdev@vger.kernel.org, tipc-discussion@lists.sourceforge.net, hoang.h.le@dektech.com.au, mohan.krishna.ghanta.krishnamurthy@ericsson.com To: jon.maloy@ericsson.com Return-path: In-Reply-To: <1515614930-9257-1-git-send-email-jon.maloy@ericsson.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: tipc-discussion-bounces@lists.sourceforge.net List-Id: netdev.vger.kernel.org From: Jon Maloy Date: Wed, 10 Jan 2018 21:08:50 +0100 > In commit d12d2e12cec2 "tipc: send out join messages as soon as new > member is discovered") we added a call to the function tipc_group_join() > without considering the case that the preceding tipc_sk_publish() might > have failed, and the group item already deleted. > > We fix this by returning from tipc_sk_join() directly after the > failed tipc_sk_publish. > > Reported-by: syzbot+e3eeae78ea88b8d6d858@syzkaller.appspotmail.com > Signed-off-by: Jon Maloy Applied, thanks Jon. ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot