Ksawlii/kernel_samsung_a53x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
kernel_samsung_a53x/net/bluetooth
History
Ignat Korchagin 17205e429f Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() 
[ Upstream commit 7c4f78cdb8e7501e9f92d291a7d956591bf73be9 ]

bt_sock_alloc() allocates the sk object and attaches it to the provided
sock object. On error l2cap_sock_alloc() frees the sk object, but the
dangling pointer is still attached to the sock object, which may create
use-after-free in other code.

Signed-off-by: Ignat Korchagin <ignat@cloudflare.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20241014153808.51894-3-ignat@cloudflare.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-12-17 13:24:30 +01:00
..
bnep Revert "Bluetooth: bnep: Fix out-of-bound access" 2024-11-24 00:23:52 +01:00
cmtp exit: Rename module_put_and_exit to module_put_and_kthread_exit 2024-11-19 12:27:50 +01:00
hidp exit: Rename module_put_and_exit to module_put_and_kthread_exit 2024-11-19 12:27:50 +01:00
rfcomm Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() 2024-12-17 13:24:18 +01:00
6lowpan.c
a2mp.c
a2mp.h
af_bluetooth.c Revert "Bluetooth: Remove debugfs directory on module init failure" 2024-11-24 00:22:52 +01:00
amp.c
amp.h
ecdh_helper.c
ecdh_helper.h
hci_conn.c
hci_core.c Revert "Bluetooth: hci_core: Fix LE quote calculation" 2024-11-24 00:23:52 +01:00
hci_debugfs.c Bluetooth: Fix TOCTOU in HCI debugfs implementation 2024-11-19 09:22:45 +01:00
hci_debugfs.h
hci_event.c Bluetooth: hci_event: set the conn encrypted before conn establishes 2024-11-19 09:22:44 +01:00
hci_request.c Bluetooth: Fix memory leak in hci_req_sync_complete() 2024-11-19 11:32:19 +01:00
hci_request.h
hci_sock.c
hci_sysfs.c Bluetooth: fix use-after-free in device_for_each_child() 2024-12-17 13:24:07 +01:00
Kconfig
l2cap_core.c Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() 2024-11-23 23:20:22 +01:00
l2cap_sock.c Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() 2024-12-17 13:24:30 +01:00
leds.c
leds.h
lib.c
Makefile
mgmt.c Revert "Bluetooth: MGMT: Add error handling to pair_device()" 2024-11-24 00:23:50 +01:00
mgmt_config.c
mgmt_config.h
mgmt_util.c
mgmt_util.h
msft.c
msft.h
sco.c Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout 2024-11-19 11:32:45 +01:00
selftest.c
selftest.h
smp.c Revert "Bluetooth: SMP: Fix assumption of Central always being Initiator" 2024-11-24 00:23:52 +01:00
smp.h