[maverick CVE 1/1] can: add missing socket check in can/raw release
Andy Whitcroft
apw at canonical.com
Thu May 26 16:07:35 UTC 2011
From: Oliver Hartkopp <socketcan at hartkopp.net>
v2: added space after 'if' according code style.
We can get here with a NULL socket argument passed from userspace,
so we need to handle it accordingly.
Thanks to Dave Jones pointing at this issue in net/can/bcm.c
Signed-off-by: Oliver Hartkopp <socketcan at hartkopp.net>
Signed-off-by: David S. Miller <davem at davemloft.net>
CVE-2011-1748
BugLink: http://bugs.launchpad.net/bugs/788694
(cherry picked from commit 10022a6c66e199d8f61d9044543f38785713cbbd)
Signed-off-by: Andy Whitcroft <apw at canonical.com>
---
net/can/raw.c | 7 ++++++-
1 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/net/can/raw.c b/net/can/raw.c
index 1650599..9ae3b9b 100644
--- a/net/can/raw.c
+++ b/net/can/raw.c
@@ -281,7 +281,12 @@ static int raw_init(struct sock *sk)
static int raw_release(struct socket *sock)
{
struct sock *sk = sock->sk;
- struct raw_sock *ro = raw_sk(sk);
+ struct raw_sock *ro;
+
+ if (!sk)
+ return 0;
+
+ ro = raw_sk(sk);
unregister_netdevice_notifier(&ro->notifier);
--
1.7.4.1
More information about the kernel-team
mailing list