linux/drivers/net/ppp
Guillaume Nault e8e56ffd9d ppp: ensure file->private_data can't be overridden
Locking ppp_mutex must be done before dereferencing file->private_data,
otherwise it could be modified before ppp_unattached_ioctl() takes the
lock. This could lead ppp_unattached_ioctl() to override ->private_data,
thus leaking reference to the ppp_file previously pointed to.

v2: lock all ppp_ioctl() instead of just checking private_data in
    ppp_unattached_ioctl(), to avoid ambiguous behaviour.

Fixes: f3ff8a4d80 ("ppp: push BKL down into the driver")
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-03-16 19:35:06 -04:00
..
bsd_comp.c
Kconfig
Makefile
ppp_async.c
ppp_deflate.c ppp: deflate: never return len larger than output buffer 2015-01-29 14:50:01 -08:00
ppp_generic.c ppp: ensure file->private_data can't be overridden 2016-03-16 19:35:06 -04:00
ppp_mppe.c ppp: mppe: discard late packet in stateless mode 2015-04-26 23:25:13 -04:00
ppp_mppe.h
ppp_synctty.c
pppoe.c pppoe: fix reference counting in PPPoE proxy 2016-02-17 16:02:01 -05:00
pppox.c pppox: use standard module auto-loading feature 2015-12-03 15:12:54 -05:00
pptp.c pptp: fix illegal memory access caused by multiple bind()s 2016-01-24 22:18:26 -08:00