From patchwork Wed Jun 22 04:57:46 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Duoming Zhou X-Patchwork-Id: 12890130 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 594CCC433EF for ; Wed, 22 Jun 2022 04:58:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1356000AbiFVE6q (ORCPT ); Wed, 22 Jun 2022 00:58:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44902 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1356367AbiFVE6d (ORCPT ); Wed, 22 Jun 2022 00:58:33 -0400 Received: from zju.edu.cn (mail.zju.edu.cn [61.164.42.155]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 868F61DA73; Tue, 21 Jun 2022 21:58:19 -0700 (PDT) Received: from ubuntu.localdomain (unknown [10.190.66.207]) by mail-app2 (Coremail) with SMTP id by_KCgAHFVJNobJiUFNcAg--.15149S2; Wed, 22 Jun 2022 12:58:01 +0800 (CST) From: Duoming Zhou To: linux-hams@vger.kernel.org Cc: ralf@linux-mips.org, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, netdev@vger.kernel.org, Duoming Zhou Subject: [PATCH net v2 0/2] Fix UAF and null-ptr-deref bugs in rose protocol Date: Wed, 22 Jun 2022 12:57:46 +0800 Message-Id: X-Mailer: git-send-email 2.17.1 X-CM-TRANSID: by_KCgAHFVJNobJiUFNcAg--.15149S2 X-Coremail-Antispam: 1UD129KBjDUn29KB7ZKAUJUUUUU529EdanIXcx71UUUUU7v73 VFW2AGmfu7bjvjm3AaLaJ3UjIYCTnIWjp_UUUO07CY07I20VC2zVCF04k26cxKx2IYs7xG 6rWj6s0DM7CIcVAFz4kK6r1j6r18M28lY4IEw2IIxxk0rwA2F7IY1VAKz4vEj48ve4kI8w A2z4x0Y4vE2Ix0cI8IcVAFwI0_tr0E3s1l84ACjcxK6xIIjxv20xvEc7CjxVAFwI0_Gr1j 6F4UJwA2z4x0Y4vEx4A2jsIE14v26rxl6s0DM28EF7xvwVC2z280aVCY1x0267AKxVW0oV Cq3wAS0I0E0xvYzxvE52x082IY62kv0487Mc02F40EFcxC0VAKzVAqx4xG6I80ewAv7VC0 I7IYx2IY67AKxVWUJVWUGwAv7VC2z280aVAFwI0_Jr0_Gr1lOx8S6xCaFVCjc4AY6r1j6r 4UM4x0Y48IcxkI7VAKI48JM4x0x7Aq67IIx4CEVc8vx2IErcIFxwCF04k20xvY0x0EwIxG rwCF04k20xvE74AGY7Cv6cx26r4fKr1UJr1l4c8EcI0En4kS14v26r126r1DMxAqzxv26x kF7I0En4kS14v26Fy26r43JwCFx2IqxVCFs4IE7xkEbVWUJVW8JwCFI7km07C267AKxVWU AVWUtwC20s026c02F40E14v26r1j6r18MI8I3I0E7480Y4vE14v26r106r1rMI8E67AF67 kF1VAFwI0_Jw0_GFylIxkGc2Ij64vIr41lIxAIcVC0I7IYx2IY67AKxVWUJVWUCwCI42IY 6xIIjxv20xvEc7CjxVAFwI0_Gr0_Cr1lIxAIcVCF04k26cxKx2IYs7xG6r1j6r1xMIIF0x vEx4A2jsIE14v26r4j6F4UMIIF0xvEx4A2jsIEc7CjxVAFwI0_Gr1j6F4UJbIYCTnIWIev Ja73UjIFyTuYvjfUoOJ5UUUUU X-CM-SenderInfo: qssqjiasttq6lmxovvfxof0/1tbiAgIJAVZdtaVy3wAHs5 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org The first patch fixes the UAF bug of sock caused by timer. The second patch fixes the null-ptr-deref bug caused by rose_kill_by_neigh(). Duoming Zhou (2): net: rose: fix UAF bugs caused by timer handler net: rose: fix null-ptr-deref caused by rose_kill_by_neigh net/rose/af_rose.c | 6 ++++++ net/rose/rose_route.c | 2 ++ net/rose/rose_timer.c | 22 +++++++++++++--------- 3 files changed, 21 insertions(+), 9 deletions(-)