FreeBSD Bugzilla – Attachment 225050 Details for
Bug 255869
[PATCH] kern: Fix a use after free bug in sodealloc
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
V2: defer the crfree to avoid uaf.
0002-v2-sys-kern-fix-uaf-sodealloc.patch (text/plain), 599 bytes, created by
lylgood
on 2021-05-18 03:25:22 UTC
(
hide
)
Description:
V2: defer the crfree to avoid uaf.
Filename:
MIME Type:
Creator:
lylgood
Created:
2021-05-18 03:25:22 UTC
Size:
599 bytes
patch
obsolete
>diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c >index ea86f66556ea..2a167eb68a22 100644 >--- a/sys/kern/uipc_socket.c >+++ b/sys/kern/uipc_socket.c >@@ -476,7 +476,6 @@ sodealloc(struct socket *so) > #endif > hhook_run_socket(so, NULL, HHOOK_SOCKET_CLOSE); > >- crfree(so->so_cred); > khelp_destroy_osd(&so->osd); > if (SOLISTENING(so)) { > if (so->sol_accept_filter != NULL) >@@ -493,6 +492,7 @@ sodealloc(struct socket *so) > SOCKBUF_LOCK_DESTROY(&so->so_snd); > SOCKBUF_LOCK_DESTROY(&so->so_rcv); > } >+ crfree(so->so_cred); > mtx_destroy(&so->so_lock); > uma_zfree(socket_zone, so); > }
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=225050">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 255869
:
224933
| 225050