This is a note to let you know that I've just added the patch titled
x25: Do not reference freed memory.
to the 2.6.32-longterm tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/longterm/longterm-queue-2.6.32.git;a=summary
The filename of the patch is:
x25-do-not-reference-freed-memory.patch
and it can be found in the queue-2.6.32 subdirectory.
If you, or anyone else, feels it should not be added to the 2.6.32 longterm
tree,
please let <[email protected]> know about it.
>From 96642d42f076101ba98866363d908cab706d156c Mon Sep 17 00:00:00 2001
From: David S. Miller <[email protected]>
Date: Wed, 9 Feb 2011 21:48:36 -0800
Subject: x25: Do not reference freed memory.
From: David S. Miller <[email protected]>
commit 96642d42f076101ba98866363d908cab706d156c upstream.
In x25_link_free(), we destroy 'nb' before dereferencing
'nb->dev'. Don't do this, because 'nb' might be freed
by then.
Reported-by: Randy Dunlap <[email protected]>
Tested-by: Randy Dunlap <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/x25/x25_link.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/net/x25/x25_link.c
+++ b/net/x25/x25_link.c
@@ -391,9 +391,12 @@ void __exit x25_link_free(void)
write_lock_bh(&x25_neigh_list_lock);
list_for_each_safe(entry, tmp, &x25_neigh_list) {
+ struct net_device *dev;
+
nb = list_entry(entry, struct x25_neigh, node);
+ dev = nb->dev;
__x25_remove_neigh(nb);
- dev_put(nb->dev);
+ dev_put(dev);
}
write_unlock_bh(&x25_neigh_list_lock);
}
Patches currently in longterm-queue-2.6.32 which might be from
[email protected] are
_______________________________________________
stable mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/stable
