ACK: [D][E][F][SRU][PATCH 1/1][CVE-2019-19055] nl80211: fix memory leak in nl80211_get_ftm_responder_stats
Stefan Bader
stefan.bader at canonical.com
Fri Nov 29 09:09:18 UTC 2019
On 26.11.19 12:39, Po-Hsu Lin wrote:
> From: Navid Emamdoost <navid.emamdoost at gmail.com>
>
> CVE-2019-19055
>
> In nl80211_get_ftm_responder_stats, a new skb is created via nlmsg_new
> named msg. If nl80211hdr_put() fails, then msg should be released. The
> return statement should be replace by goto to error handling code.
>
> Fixes: 81e54d08d9d8 ("cfg80211: support FTM responder configuration/statistics")
> Signed-off-by: Navid Emamdoost <navid.emamdoost at gmail.com>
> Link: https://lore.kernel.org/r/20191004194220.19412-1-navid.emamdoost@gmail.com
> Signed-off-by: Johannes Berg <johannes.berg at intel.com>
> (cherry picked from commit 1399c59fa92984836db90538cf92397fe7caaa57)
> Signed-off-by: Po-Hsu Lin <po-hsu.lin at canonical.com>
Acked-by: Stefan Bader <stefan.bader at canonical.com>
> ---
> net/wireless/nl80211.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
> index da752ca..f04cb89 100644
> --- a/net/wireless/nl80211.c
> +++ b/net/wireless/nl80211.c
> @@ -13521,7 +13521,7 @@ static int nl80211_get_ftm_responder_stats(struct sk_buff *skb,
> hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
> NL80211_CMD_GET_FTM_RESPONDER_STATS);
> if (!hdr)
> - return -ENOBUFS;
> + goto nla_put_failure;
>
> if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
> goto nla_put_failure;
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20191129/389fa20b/attachment.sig>
More information about the kernel-team
mailing list