linux/net/tipc
Jon Paul Maloy 3d09fc4244 tipc: eliminate case of writing to freed memory
In the function tipc_nodesub_notify() we call a function pointer
aggregated into the object to be notified, whereafter we set
the function pointer to NULL. However, in some cases the function
pointed to will free the struct containing the function pointer,
resulting in a write to already freed memory.

This bug seems to always have been there, without causing any
notable harm.

In this commit we fix the problem by inverting the order of the
zeroing and the function call.

Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-06-27 12:50:54 -07:00
..
addr.c tipc: compress out gratuitous extra carriage returns 2012-04-30 15:53:56 -04:00
addr.h tipc: explicitly include core.h in addr.h 2014-02-13 17:49:13 -05:00
bcast.c net: add __pskb_copy_fclone and pskb_copy_for_clone 2014-06-11 15:38:02 -07:00
bcast.h tipc: avoid to asynchronously reset all links 2014-05-05 17:26:45 -04:00
bearer.c tipc: improve and extend media address conversion functions 2014-05-14 15:19:48 -04:00
bearer.h tipc: improve and extend media address conversion functions 2014-05-14 15:19:48 -04:00
config.c tipc: convert allocations of global variables associated with bclink 2014-05-05 17:26:45 -04:00
config.h tipc: obsolete the remote management feature 2014-03-27 13:08:36 -04:00
core.c tipc: decrease connection flow control window 2014-05-14 15:19:47 -04:00
core.h tipc: improve and extend media address conversion functions 2014-05-14 15:19:48 -04:00
discover.c tipc: clean up neigbor discovery message reception 2014-05-14 15:19:48 -04:00
discover.h tipc: fix race in disc create/delete 2014-04-22 21:17:53 -04:00
eth_media.c tipc: improve and extend media address conversion functions 2014-05-14 15:19:48 -04:00
ib_media.c tipc: improve and extend media address conversion functions 2014-05-14 15:19:48 -04:00
Kconfig tipc: add InfiniBand media type 2013-04-17 14:18:33 -04:00
link.c tipc: merge port message reception into socket reception function 2014-05-14 15:19:48 -04:00
link.h tipc: rename and move message reassembly function 2014-05-14 15:19:48 -04:00
log.c tipc: remove print_buf and deprecated log buffer code 2012-07-13 19:34:43 -04:00
Makefile tipc: purge signal handler infrastructure 2014-05-05 17:26:45 -04:00
msg.c tipc: rename and move message reassembly function 2014-05-14 15:19:48 -04:00
msg.h tipc: rename and move message reassembly function 2014-05-14 15:19:48 -04:00
name_distr.c tipc: avoid to asynchronously deliver name tables to peer node 2014-05-05 17:26:44 -04:00
name_distr.h tipc: avoid to asynchronously deliver name tables to peer node 2014-05-05 17:26:44 -04:00
name_table.c tipc: fix memory leak of publications 2014-04-30 13:31:26 -04:00
name_table.h tipc: cosmetic realignment of function arguments 2013-06-17 15:53:01 -07:00
net.c tipc: merge port message reception into socket reception function 2014-05-14 15:19:48 -04:00
net.h tipc: convert allocations of global variables associated with bclink 2014-05-05 17:26:45 -04:00
netlink.c net: Use netlink_ns_capable to verify the permisions of netlink messages 2014-04-24 13:44:54 -04:00
node_subscr.c tipc: eliminate case of writing to freed memory 2014-06-27 12:50:54 -07:00
node_subscr.h tipc: avoid to asynchronously notify subscriptions 2014-05-05 17:26:44 -04:00
node.c tipc: rename and move message reassembly function 2014-05-14 15:19:48 -04:00
node.h tipc: rename and move message reassembly function 2014-05-14 15:19:48 -04:00
port.c tipc: merge port message reception into socket reception function 2014-05-14 15:19:48 -04:00
port.h tipc: merge port message reception into socket reception function 2014-05-14 15:19:48 -04:00
ref.c tipc: eliminate redundant lookups in registry 2014-03-12 15:53:49 -04:00
ref.h tipc: eliminate redundant lookups in registry 2014-03-12 15:53:49 -04:00
server.c net: Fix use after free by removing length arg from sk_data_ready callbacks. 2014-04-11 16:15:36 -04:00
server.h tipc: remove all enabled flags from all tipc components 2014-02-22 00:00:15 -05:00
socket.c tipc: fix potential bug in function tipc_backlog_rcv 2014-06-11 15:01:30 -07:00
socket.h tipc: merge port message reception into socket reception function 2014-05-14 15:19:48 -04:00
subscr.c tipc: fix spinlock recursion bug for failed subscriptions 2014-03-24 15:36:56 -04:00
subscr.h tipc: cosmetic realignment of function arguments 2013-06-17 15:53:01 -07:00
sysctl.c tipc: change socket buffer overflow control to respect sk_rcvbuf 2013-06-17 15:53:00 -07:00