diff options
author | Guillaume Nault <g.nault@alphalink.fr> | 2016-03-14 23:17:16 +0300 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2016-04-20 09:42:04 +0300 |
commit | 029464a380858e54ab750a5a536a0bdcd7180b1f (patch) | |
tree | b4bc74827cc28f7d7d069f167ab7bf9fbb58470f /net/dccp | |
parent | a317579bb62ec6c1cb6bd7e5d0d8a25a746832f2 (diff) | |
download | linux-029464a380858e54ab750a5a536a0bdcd7180b1f.tar.xz |
ppp: ensure file->private_data can't be overridden
[ Upstream commit e8e56ffd9d2973398b60ece1f1bebb8d67b4d032 ]
Locking ppp_mutex must be done before dereferencing file->private_data,
otherwise it could be modified before ppp_unattached_ioctl() takes the
lock. This could lead ppp_unattached_ioctl() to override ->private_data,
thus leaking reference to the ppp_file previously pointed to.
v2: lock all ppp_ioctl() instead of just checking private_data in
ppp_unattached_ioctl(), to avoid ambiguous behaviour.
Fixes: f3ff8a4d80e8 ("ppp: push BKL down into the driver")
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net/dccp')
0 files changed, 0 insertions, 0 deletions