aha/net/bluetooth
Marcel Holtmann 09c7d8293a [IRDA]: Fix rfcomm use-after-free
Adrian Bunk wrote:
> Commit 8de0a15483 added the following
> use-after-free in net/bluetooth/rfcomm/tty.c:
>
> <--  snip  -->
>
> ...
> static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
> {
> ...
>         if (IS_ERR(dev->tty_dev)) {
>                 list_del(&dev->list);
>                 kfree(dev);
>                 return PTR_ERR(dev->tty_dev);
>         }
> ...
>
> <--  snip  -->
>
> Spotted by the Coverity checker.

Really good catch. I fully overlooked that one. The attached patch
should fix it.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 02:28:05 -07:00
bnep            Freezer: make kernel threads nonfreezable by default            2007-07-17 10:23:02 -07:00
cmtp            Freezer: make kernel threads nonfreezable by default            2007-07-17 10:23:02 -07:00
hidp            Freezer: make kernel threads nonfreezable by default            2007-07-17 10:23:02 -07:00
rfcomm          [IRDA]: Fix rfcomm use-after-free                               2007-07-31 02:28:05 -07:00
af_bluetooth.c  [SK_BUFF]: Introduce skb_reset_transport_header(skb)            2007-04-25 22:25:15 -07:00
hci_conn.c      [Bluetooth] Add basics to better support and handle eSCO links  2007-07-11 07:35:32 +02:00
hci_core.c      [NET] BLUETOOTH: Fix whitespace errors.                         2007-07-19 10:43:16 +09:00
hci_event.c     [Bluetooth] Add basics to better support and handle eSCO links  2007-07-11 07:35:32 +02:00
hci_sock.c      [BLUETOOTH]: Fix locking in hci_sock_dev_event().               2007-05-17 14:20:30 -07:00
hci_sysfs.c     Fix bluetooth HCI sysfs compile                                 2007-05-07 17:32:08 -07:00
Kconfig         [S390] Kconfig: unwanted menus for s390.                        2007-05-10 15:46:07 +02:00
l2cap.c         [Bluetooth] Fix L2CAP configuration parameter handling          2007-05-24 14:27:19 +02:00
lib.c           [NET] BLUETOOTH: Fix whitespace errors.                         2007-02-10 23:19:20 -08:00
Makefile        Linux-2.6.12-rc2                                                2005-04-16 15:20:36 -07:00
sco.c           [NET]: cleanup extra semicolons                                 2007-04-25 22:29:24 -07:00