ppp: ensure file->private_data can't be overridden - kernel/linux.git

diff options

author	Guillaume Nault <g.nault@alphalink.fr>	2016-03-14 23:17:16 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2016-04-20 09:42:04 +0300
commit	029464a380858e54ab750a5a536a0bdcd7180b1f (patch)
tree	b4bc74827cc28f7d7d069f167ab7bf9fbb58470f /net/dccp
parent	a317579bb62ec6c1cb6bd7e5d0d8a25a746832f2 (diff)
download	linux-029464a380858e54ab750a5a536a0bdcd7180b1f.tar.xz

ppp: ensure file->private_data can't be overridden

[ Upstream commit e8e56ffd9d2973398b60ece1f1bebb8d67b4d032 ] Locking ppp_mutex must be done before dereferencing file->private_data, otherwise it could be modified before ppp_unattached_ioctl() takes the lock. This could lead ppp_unattached_ioctl() to override ->private_data, thus leaking reference to the ppp_file previously pointed to. v2: lock all ppp_ioctl() instead of just checking private_data in ppp_unattached_ioctl(), to avoid ambiguous behaviour. Fixes: f3ff8a4d80e8 ("ppp: push BKL down into the driver") Signed-off-by: Guillaume Nault <g.nault@alphalink.fr> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'net/dccp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: