linux-stable.git - Linux kernel stable tree

diff options

author	Xiaomeng Tong <xiam0nd.tong@gmail.com>	2022-03-28 20:28:20 +0800
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2022-06-14 16:52:36 +0200
commit	5786262a4eac987253d4c224c30595235d341470 (patch)
tree	492496b9c34c7a6b89dfc44899023751e6e610ae /Kconfig
parent	fb1cc5895c29b106adba38482e4089d50f756fd1 (diff)
download	linux-stable-5786262a4eac987253d4c224c30595235d341470.tar.gz linux-stable-5786262a4eac987253d4c224c30595235d341470.tar.bz2 linux-stable-5786262a4eac987253d4c224c30595235d341470.zip

carl9170: tx: fix an incorrect use of list iterator

commit 54a6f29522da3c914da30e50721dedf51046449a upstream. If the previous list_for_each_entry_continue_rcu() don't exit early (no goto hit inside the loop), the iterator 'cvif' after the loop will be a bogus pointer to an invalid structure object containing the HEAD (&ar->vif_list). As a result, the use of 'cvif' after that will lead to a invalid memory access (i.e., 'cvif->id': the invalid pointer dereference when return back to/after the callsite in the carl9170_update_beacon()). The original intention should have been to return the valid 'cvif' when found in list, NULL otherwise. So just return NULL when no entry found, to fix this bug. Cc: stable@vger.kernel.org Fixes: 1f1d9654e183c ("carl9170: refactor carl9170_update_beacon") Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com> Acked-by: Christian Lamparter <chunkeey@gmail.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20220328122820.1004-1-xiam0nd.tong@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'Kconfig')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: