projects / cascardo / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1b8553c) | patch
vhost/vsock: fix vhost virtio_vsock_pkt use-after-free
authorStefan Hajnoczi <stefanha@redhat.com>
Thu, 4 Aug 2016 13:52:53 +0000 (14:52 +0100)
committerMichael S. Tsirkin <mst@redhat.com>
Tue, 9 Aug 2016 10:42:37 +0000 (13:42 +0300)
commit3fda5d6e580193fa005014355b3a61498f1b3ae0
tree351ecd0bebf5e2e863ad233fe356cf54a08d9ce3tree | snapshot
parent1b8553c04bf95180eb91be94f089a1e8b38cfd62commit | diff
vhost/vsock: fix vhost virtio_vsock_pkt use-after-free

Stash the packet length in a local variable before handing over
ownership of the packet to virtio_transport_recv_pkt() or
virtio_transport_free_pkt().

This patch solves the use-after-free since pkt is no longer guaranteed
to be alive.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
drivers/vhost/vsock.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.