Re: [PATCH] firewire: nosy: Fix a use-after-free bug in nosy_ioctl()

2021-04-03 Thread Linus Torvalds
On Fri, Apr 2, 2021 at 11:59 PM Zheyu Ma wrote:
>
> case NOSY_IOC_START:
> + list_for_each_entry(tmp, &client->lynx->client_list, link)
> + if (tmp == client)
> + return -EINVAL;

I don't think this is safe. You are doing t

Re: [PATCH] firewire: nosy: Fix a use-after-free bug in nosy_ioctl()

2021-04-03 Thread Greg KH
On Sat, Apr 03, 2021 at 06:58:36AM +, Zheyu Ma wrote:
> For each device, the nosy driver allocates a pcilynx structure.
> A use-after-free might happen in the following scenario:
>
> 1. Open nosy device for the first time and call ioctl with command
> NOSY_IOC_START, then a new client A wi

[PATCH] firewire: nosy: Fix a use-after-free bug in nosy_ioctl()

2021-04-02 Thread Zheyu Ma
For each device, the nosy driver allocates a pcilynx structure. A use-after-free might happen in the following scenario:

1. Open nosy device for the first time and call ioctl with command NOSY_IOC_START, then a new client A will be malloced and added to doubly linked list.
2. Open nosy dev