From: Hoang Le <[email protected]> Date: Thu, 21 Mar 2019 17:25:17 +0700
> skb free-ed in: > 1/ condition 1: tipc_sk_filter_rcv -> tipc_sk_proto_rcv > 2/ condition 2: tipc_sk_filter_rcv -> tipc_group_filter_msg > This leads to a "use-after-free" access in the next condition. > > We fix this by intializing the variable at declaration, then it is safe > to check this variable to continue processing if condition matches. > > syzbot report: ... > Reported-by: [email protected] > Fixes: c55c8eda ("tipc: smooth change between replicast and broadcast") > Acked-by: Jon Maloy <[email protected]> > Signed-off-by: Hoang Le <[email protected]> Applied. _______________________________________________ tipc-discussion mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/tipc-discussion
