AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-12-19 21:38:59 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
8b51dc7291
linux_dsm_epyc7002/drivers/net/wireless
History
Hui Peng 8b51dc7291 rsi: fix a double free bug in rsi_91x_deinit() 
`dev` (struct rsi_91x_usbdev *) field of adapter
(struct rsi_91x_usbdev *) is allocated  and initialized in
`rsi_init_usb_interface`. If any error is detected in information
read from the device side,  `rsi_init_usb_interface` will be
freed. However, in the higher level error handling code in
`rsi_probe`, if error is detected, `rsi_91x_deinit` is called
again, in which `dev` will be freed again, resulting double free.

This patch fixes the double free by removing the free operation on
`dev` in `rsi_init_usb_interface`, because `rsi_91x_deinit` is also
used in `rsi_disconnect`, in that code path, the `dev` field is not
 (and thus needs to be) freed.

This bug was found in v4.19, but is also present in the latest version
of kernel. Fixes CVE-2019-15504.

Reported-by: Hui Peng <benquike@gmail.com>
Reported-by: Mathias Payer <mathias.payer@nebelwelt.net>
Signed-off-by: Hui Peng <benquike@gmail.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-09-03 16:54:48 +03:00
..
admtek treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 501 2019-06-19 17:09:56 +02:00
ath wireless: fix nl80211 vendor commands 2019-07-20 21:37:26 +02:00
atmel treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
broadcom wireless: fix nl80211 vendor commands 2019-07-20 21:37:26 +02:00
cisco airo: switch to skcipher interface 2019-06-25 08:12:20 +03:00
intel iwlwifi: assign directly to iwl_trans->cfg in QuZ detection 2019-09-03 16:50:59 +03:00
intersil Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2019-07-11 10:55:49 -07:00
marvell mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings 2019-09-03 16:50:21 +03:00
mediatek mt76: mt76x0e: disable 5GHz band for MT7630E 2019-09-03 16:49:29 +03:00
quantenna qtnfmac: Use struct_size() in kzalloc() 2019-06-25 08:01:32 +03:00
ralink Revert "rt2800: enable TX_PIN_CFG_LNA_PE_ bits per band" 2019-09-03 16:52:22 +03:00
realtek scripts/spelling.txt: drop "sepc" from the misspelling list 2019-07-12 11:05:41 -07:00
rsi rsi: fix a double free bug in rsi_91x_deinit() 2019-09-03 16:54:48 +03:00
st treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
ti wireless: fix nl80211 vendor commands 2019-07-20 21:37:26 +02:00
zydas treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
Kconfig treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
mac80211_hwsim.c mac80211_hwsim: Fix possible null-pointer dereferences in hwsim_dump_radio_nl() 2019-07-29 16:20:34 +02:00
mac80211_hwsim.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
Makefile mac80211-next: rtnetlink wifi simulation device 2018-12-05 15:31:31 +01:00
ray_cs.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 416 2019-06-05 17:37:15 +02:00
ray_cs.h
rayctl.h
rndis_wlan.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
virt_wifi.c timekeeping: Use proper clock specifier names in functions 2019-06-22 12:11:27 +02:00
wl3501_cs.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
wl3501.h