Re: [PATCH] staging: rtl8192e: fix potential use after free

Tue, 05 Nov 2019 07:00:59 -0800 

On Tue, Nov 05, 2019 at 10:49:11PM +0800, Pan Bian wrote:
> The variable skb is released via kfree_skb() when the return value of
> _rtl92e_tx is not zero. However, after that, skb is accessed again to
> read its length, which may result in a use after free bug. This patch
> fixes the bug by moving the release operation to where skb is never
> used later.
> 
> Signed-off-by: Pan Bian <bianpan2...@163.com>

Reviewed-by: Dan Carpenter <dan.carpen...@oracle.com>

regards,
dan carpenter

_______________________________________________
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel

Reply via email to