projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: faeb94c) | patch
ANDROID: qtaguid: Fix the UAF probelm with tag_ref_tree
authorChenbo Feng <fengc@google.com>
Wed, 29 Nov 2017 02:22:11 +0000 (18:22 -0800)
committerTodd Kjos <tkjos@google.com>
Wed, 7 Feb 2018 23:31:35 +0000 (15:31 -0800)
commit535917873f243d4522314dcd0d227f80d1380aa5
treea965d5d8e9dece9d00411ebb0feed50dc02e648atree | snapshot (tar.gz zip)
parentfaeb94c01fdaaceb3f35202151f1d58e68f44b2ccommit | diff
ANDROID: qtaguid: Fix the UAF probelm with tag_ref_tree

When multiple threads is trying to tag/delete the same socket at the
same time, there is a chance the tag_ref_entry of the target socket to
be null before the uid_tag_data entry is freed. It is caused by the
ctrl_cmd_tag function where it doesn't correctly grab the spinlocks
when tagging a socket.

Signed-off-by: Chenbo Feng <fengc@google.com>
Bug: 65853158
Change-Id: I5d89885918054cf835370a52bff2d693362ac5f0
net/netfilter/xt_qtaguid.c diff | blob | blame | history