Re: [PATCH] net/mlx5/core/fpga/ipsec: Fix use-after-free

From: Gustavo A. R. Silva
Date: Thu Mar 22 2018 - 14:37:39 EST

Next message: Daniel Jordan: "Re: [RFC PATCH v2 2/4] mm/__free_one_page: skip merge for order-0 page unless compaction failed"
Previous message: David Miller: "Re: [RFC PATCH] etherdevice.h: net/core: Add ether_addrs.c and global ether_<foo>_addr"
In reply to: Yuval Shaia: "Re: [PATCH] net/mlx5/core/fpga/ipsec: Fix use-after-free"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Yuval,

On 03/22/2018 01:32 PM, Yuval Shaia wrote:

On Thu, Mar 22, 2018 at 01:03:42PM -0500, Gustavo A. R. Silva wrote:

_rule_ is being freed and then dereferenced by accessing rule->ctx

Fix this by copying the value returned by PTR_ERR(rule->ctx) into a local
variable for its safe use after freeing _rule_

Addresses-Coverity-ID: 1466041 ("Read from pointer after free")
Fixes: 05564d0ae075 ("net/mlx5: Add flow-steering commands for FPGA IPSec implementation")
Signed-off-by: Gustavo A. R. Silva <gustavo@xxxxxxxxxxxxxx>

Prefix should not be that long, a short one as this is enough.

Yeah. Actually, I was suspicious about it.

net/mlx5: Fix use-after-free

Besides that - lgtm.

Reviewed-by: Yuval Shaia <yuval.shaia@xxxxxxxxxx>

I'll send v2 with a short prefix and add your Reviewed-by.

Thanks for the feedback.
--
Gustavo

Next message: Daniel Jordan: "Re: [RFC PATCH v2 2/4] mm/__free_one_page: skip merge for order-0 page unless compaction failed"
Previous message: David Miller: "Re: [RFC PATCH] etherdevice.h: net/core: Add ether_addrs.c and global ether_<foo>_addr"
In reply to: Yuval Shaia: "Re: [PATCH] net/mlx5/core/fpga/ipsec: Fix use-after-free"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]