On Tue, Jul 13, 2021 at 01:21:44PM -0700, Xiaochen Zou wrote:
Xiaochen Zou (1): can: fix a potential UAF access in j1939_session_deactivate(). Both session and session->priv may be freed in j1939_session_deactivate_locked(). It leads to potential UAF read and write in j1939_session_list_unlock(). The free chain is
j1939_session_deactivate_locked()->j1939_session_put()->__j1939_session_release()->j1939_session_destroy(). To fix this bug, I moved j1939_session_put() behind j1939_session_deactivate_locked(), and guarded it with a check of active since the session would be freed only if active is true.
net/can/j1939/transport.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-)
-- 2.17.1
Hi,
This is the friendly patch-bot of Greg Kroah-Hartman. You have sent him a patch that has triggered this response. He used to manually respond to these common problems, but in order to save his sanity (he kept writing the same thing over and over, yet to different people), I was created. Hopefully you will not take offence and will fix the problem in your patch and resubmit it so that it can be accepted into the Linux kernel tree.
You are receiving this message because of the following common error(s) as indicated below:
- Your patch was attached, please place it inline so that it can be applied directly from the email message itself.
If you wish to discuss this problem further, or you have questions about how to resolve this issue, please feel free to respond to this email and Greg will reply once he has dug out from the pending patches received from other developers.
thanks,
greg k-h's patch email bot