Date: Thu, 28 Mar 2013 11:25:08 -0600 From: Will Andrews <will@firepipe.net> To: hackers@freebsd.org Cc: Alexander Kabaev <kan@freebsd.org> Subject: CFR: FireWire: Don't allow a tlabel to reference an xfer after free Message-ID: <CADBaqmgJY=N0bodBA%2BkyjkQuNnM%2BqvLML1UZvJU_JY=PLwg5hQ@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Diff: http://people.freebsd.org/~will/patches/fix-fwmem-use-after-free.diff >From the commit log: FireWire: Don't allow a tlabel to reference an xfer after free. sys/dev/firewire/firewire.c: - fw_xfer_unload(): Since we are about to free this xfer, call fw_tl_free() to remove the xfer from its tlabel's list, if it has a tlabel. - In every occasion when a xfer is removed from a tlabel's list, reset xfer->tl to -1 while holding fc->tlabel_lock, so that the xfer isn't mis-identified as belonging to a tlabel. Thanks, --Will.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CADBaqmgJY=N0bodBA%2BkyjkQuNnM%2BqvLML1UZvJU_JY=PLwg5hQ>