]> git.proxmox.com Git - mirror_ubuntu-focal-kernel.git/commit
projects / mirror_ubuntu-focal-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 61ec6a1) | patch
cfg80211: fix double-free after changing network namespace
authorStefan Bühler <source@stbuehler.de>
Tue, 26 Nov 2019 10:05:44 +0000 (11:05 +0100)
committerPaolo Pisati <paolo.pisati@canonical.com>
Thu, 30 Jan 2020 15:22:53 +0000 (16:22 +0100)
commit70de5ac889e4f3d0118c95abfcfe64c5ae90c896
tree471047a3a7fb29bf633fe992b5f6df25d51b25edtree
parent61ec6a1ee3ca5148a65be10cb527b5384e9206f5commit | diff
cfg80211: fix double-free after changing network namespace

BugLink: https://bugs.launchpad.net/bugs/1860130
[ Upstream commit 56cb31e185adb61f930743a9b70e700a43625386 ]

If wdev->wext.keys was initialized it didn't get reset to NULL on
unregister (and it doesn't get set in cfg80211_init_wdev either), but
wdev is reused if unregister was triggered through
cfg80211_switch_netns.

The next unregister (for whatever reason) will try to free
wdev->wext.keys again.

Signed-off-by: Stefan Bühler <source@stbuehler.de>
Link: https://lore.kernel.org/r/20191126100543.782023-1-stefan.buehler@tik.uni-stuttgart.de
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
net/wireless/core.c diff | blob | blame | history
Ubuntu Focal Linux kernel mirror