linux-stable.git - Linux kernel stable tree

diff options

author	Erez Shitrit <erezsh@mellanox.com>	2016-08-28 10:58:30 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2016-10-07 15:21:26 +0200
commit	fe459deb1840fe4cdb5b6a299376d7a710b87094 (patch)
tree	33119d3de3e0e69e2ec41a631692e9162517166b /CREDITS
parent	a734679bdf768e370ef3d32254871ada91ad261f (diff)
download	linux-stable-fe459deb1840fe4cdb5b6a299376d7a710b87094.tar.gz linux-stable-fe459deb1840fe4cdb5b6a299376d7a710b87094.tar.bz2 linux-stable-fe459deb1840fe4cdb5b6a299376d7a710b87094.zip

IB/core: Fix use after free in send_leave function

commit 68c6bcdd8bd00394c234b915ab9b97c74104130c upstream. The function send_leave sets the member: group->query_id (group->query_id = ret) after calling the sa_query, but leave_handler can be executed before the setting and it might delete the group object, and will get a memory corruption. Additionally, this patch gets rid of group->query_id variable which is not used. Fixes: faec2f7b96b5 ('IB/sa: Track multicast join/leave requests') Signed-off-by: Erez Shitrit <erezsh@mellanox.com> Signed-off-by: Leon Romanovsky <leon@kernel.org> Signed-off-by: Doug Ledford <dledford@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'CREDITS')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: