[lucid/fsl-imx51, maverick, maverick/ti-omap4, natty/ti-omap4 CVE 1/1] can: Add missing socket check in can/bcm release.
Andy Whitcroft
apw at canonical.com
Mon Jun 13 10:58:05 UTC 2011
From: Dave Jones <davej at redhat.com>
We can get here with a NULL socket argument passed from userspace,
so we need to handle it accordingly.
Signed-off-by: Dave Jones <davej at redhat.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
(cherry picked from commit c6914a6f261aca0c9f715f883a353ae7ff51fe83)
CVE-2011-1598
BugLink: http://bugs.launchpad.net/bugs/796502
Signed-off-by: Andy Whitcroft <apw at canonical.com>
---
net/can/bcm.c | 7 ++++++-
1 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/net/can/bcm.c b/net/can/bcm.c
index 9d5e8ac..56d20a2 100644
--- a/net/can/bcm.c
+++ b/net/can/bcm.c
@@ -1424,9 +1424,14 @@ static int bcm_init(struct sock *sk)
static int bcm_release(struct socket *sock)
{
struct sock *sk = sock->sk;
- struct bcm_sock *bo = bcm_sk(sk);
+ struct bcm_sock *bo;
struct bcm_op *op, *next;
+ if (sk == NULL)
+ return 0;
+
+ bo = bcm_sk(sk);
+
/* remove bcm_ops, timer, rx_unregister(), etc. */
unregister_netdevice_notifier(&bo->notifier);
--
1.7.4.1
More information about the kernel-team
mailing list