irda: Only insert new objects into the global database via setsockopt - kernel/linux.git

diff options

author	Tyler Hicks <tyhicks@canonical.com>	2018-09-04 18:24:05 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2018-09-15 10:45:36 +0300
commit	e37957305de356b4f8719a3a4c7bc1453a2f0ca3 (patch)
tree	d3c8e1d016ab83e36c615f30d0ff516da568241e /arch/arm
parent	77be9452d0e5768bab9a041a62116cbeb9dc3174 (diff)
download	linux-e37957305de356b4f8719a3a4c7bc1453a2f0ca3.tar.xz

irda: Only insert new objects into the global database via setsockopt

The irda_setsockopt() function conditionally allocates memory for a new self->ias_object or, in some cases, reuses the existing self->ias_object. Existing objects were incorrectly reinserted into the LM_IAS database which corrupted the doubly linked list used for the hashbin implementation of the LM_IAS database. When combined with a memory leak in irda_bind(), this issue could be leveraged to create a use-after-free vulnerability in the hashbin list. This patch fixes the issue by only inserting newly allocated objects into the database. CVE-2018-6555 Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Reviewed-by: Seth Arnold <seth.arnold@canonical.com> Reviewed-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'arch/arm')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: