linux-sg2042/net/bluetooth/rfcomm
Marcel Holtmann 09c7d8293a [IRDA]: Fix rfcomm use-after-free
Adrian Bunk wrote:
> Commit 8de0a15483 added the following
> use-after-free in net/bluetooth/rfcomm/tty.c:
>
> <--  snip  -->
>
> ...
> static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
> {
> ...
>         if (IS_ERR(dev->tty_dev)) {
>                 list_del(&dev->list);
>                 kfree(dev);
>                 return PTR_ERR(dev->tty_dev);
>         }
> ...
>
> <--  snip  -->
>
> Spotted by the Coverity checker.

really good catch. I fully overlooked that one. The attached patch
should fix it.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 02:28:05 -07:00
..
Kconfig Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
Makefile [Bluetooth] Move CRC table into RFCOMM core 2005-10-28 19:20:36 +02:00
core.c Freezer: make kernel threads nonfreezable by default 2007-07-17 10:23:02 -07:00
sock.c [NET] BLUETOOTH: Fix whitespace errors. 2007-02-10 23:19:20 -08:00
tty.c [IRDA]: Fix rfcomm use-after-free 2007-07-31 02:28:05 -07:00