author | Herbert Xu <herbert@gondor.apana.org.au> | 2016-05-16 17:28:16 +0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2016-05-16 22:05:15 -0400 |
commit | 92964c79b357efd980812c4de5c1fd2ec8bb5520 (patch) | |
tree | 4fdcb3313923315bb1d2065bbf1c2b522d8854b5 /net/bluetooth | |
parent | 45e093ae2830cd1264677d47ff9a95a71f5d9f9c (diff) | |
netlink: Fix dump skb leak/double free

When we free cb->skb after a dump, we do it after releasing the
lock. This means that a new dump could have started in the time
being and we'll end up freeing their skb instead of ours.

This patch saves the skb and module before we unlock so we free
the right memory.

Fixes: 16b304f3404f ("netlink: Eliminate kmalloc in netlink dump operation.")
Reported-by: Baozeng Ding <sploving1@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/bluetooth')
0 files changed, 0 insertions, 0 deletions
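
The ordering problem the commit message describes, as an added user-space model (not the kernel code and not part of the commit). All names here are hypothetical, only the skb pointer is modelled (not the module reference), and the second dump is forced into the unlock window deterministically instead of using real threads.

```c
#include <stdio.h>

/* Hypothetical user-space model of the race; names are illustrative, not kernel code. */
struct buf { int frees; };                 /* counts releases instead of calling free() */
struct sock_model { int locked; struct buf *cb_skb; };
static void lock(struct sock_model *s)   { s->locked = 1; }
static void unlock(struct sock_model *s) { s->locked = 0; }
static void release(struct buf *b)       { b->frees++; }

/* A new dump may start whenever the lock is free; it installs its own buffer. */
static void start_dump(struct sock_model *s, struct buf *b)
{
    lock(s);
    s->cb_skb = b;
    unlock(s);
}

/* Before: the shared slot is read after the lock is dropped. */
static void end_dump_racy(struct sock_model *s, struct buf *next)
{
    lock(s);                        /* dump completes under the lock */
    unlock(s);
    if (next) start_dump(s, next);  /* constructed interleaving: new dump wins the window */
    release(s->cb_skb);             /* releases whatever is in the slot now */
}

/* After: snapshot the pointer while the lock is still held. */
static void end_dump_fixed(struct sock_model *s, struct buf *next)
{
    lock(s);
    struct buf *mine = s->cb_skb;
    unlock(s);
    if (next) start_dump(s, next);
    release(mine);
}

/* Dump A ends while dump B starts in the unlock window, then B ends.
 * Returns frees(A) * 10 + frees(B); 11 means each buffer was released once. */
static int scenario(int fixed)
{
    struct buf a = {0}, b = {0};
    struct sock_model s = {0, NULL};
    void (*end)(struct sock_model *, struct buf *) = fixed ? end_dump_fixed : end_dump_racy;
    start_dump(&s, &a);
    end(&s, &b);
    end(&s, NULL);
    return a.frees * 10 + b.frees;
}
int main(void) { printf("racy=%02d fixed=%02d\n", scenario(0), scenario(1)); return 0; }
```

In the racy ordering buffer A is never released and buffer B is released twice, which is the leak and the double free named in the subject line.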