summaryrefslogtreecommitdiff
path: root/lib/test_fortify/write_overflow-strncpy-src.c
diff options
context:
space:
mode:
authorDuoming Zhou <duoming@zju.edu.cn>2022-08-18 17:06:21 +0800
committerDavid S. Miller <davem@davemloft.net>2022-08-22 14:51:30 +0100
commitf1e941dbf80a9b8bab0bffbc4cbe41cc7f4c6fb6 (patch)
tree347a36b38df094a5bf289f6aa60a7720fdb7d96f /lib/test_fortify/write_overflow-strncpy-src.c
parent6e10001c6e666f7e07e3cfd806d8fa11c4151d00 (diff)
nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout
When the pn532 uart device is detaching, the pn532_uart_remove() is called. But there are no functions in pn532_uart_remove() that could delete the cmd_timeout timer, which will cause use-after-free bugs. The process is shown below: (thread 1) | (thread 2) | pn532_uart_send_frame pn532_uart_remove | mod_timer(&pn532->cmd_timeout,...) ... | (wait a time) kfree(pn532) //FREE | pn532_cmd_timeout | pn532_uart_send_frame | pn532->... //USE This patch adds del_timer_sync() in pn532_uart_remove() in order to prevent the use-after-free bugs. What's more, the pn53x_unregister_nfc() is well synchronized, it sets nfc_dev->shutting_down to true and there are no syscalls could restart the cmd_timeout timer. Fixes: c656aa4c27b1 ("nfc: pn533: add UART phy driver") Signed-off-by: Duoming Zhou <duoming@zju.edu.cn> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'lib/test_fortify/write_overflow-strncpy-src.c')
0 files changed, 0 insertions, 0 deletions