irda: Fix memory leak caused by repeated binds of irda socket - xavi/android_kernel_m2note - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Tyler Hicks <tyhicks@canonical.com>	2018-09-04 15:24:04 +0000
committer	Moyster <oysterized@gmail.com>	2019-05-03 18:55:01 +0200
commit	8b10052924761b584d0cf156e265f14942bff9bf (patch)
tree	ba0c6aac198e43c3bc1cd847387d7e6bde31bf36 /android/configs
parent	ac8a051768908c1b4eeafd4f57667be4de9b8e03 (diff)

irda: Fix memory leak caused by repeated binds of irda socket

The irda_bind() function allocates memory for self->ias_obj without checking to see if the socket is already bound. A userspace process could repeatedly bind the socket, have each new object added into the LM-IAS database, and lose the reference to the old object assigned to the socket to exhaust memory resources. This patch errors out of the bind operation when self->ias_obj is already assigned. CVE-2018-6554 Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Change-Id: Ia5e9fde9ca3408595602453dd7ff5ebb3fcb6c31 Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Reviewed-by: Seth Arnold <seth.arnold@canonical.com> Reviewed-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

Diffstat (limited to 'android/configs')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: