From: YOSHIFUJI Hideaki Date: Mon, 18 Sep 2006 13:37:58 +0000 (-0700) Subject: [ATM] CLIP: Do not refer freed skbuff in clip_mkip(). X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=fe26109a9dfd9327fdbe630fc819e1b7450986b2;p=GitHub%2FLineageOS%2Fandroid_kernel_samsung_universal7580.git [ATM] CLIP: Do not refer freed skbuff in clip_mkip(). In clip_mkip(), skb->dev is dereferenced after clip_push(), which frees up skb. Advisory: AD_LAB-06009 (). Signed-off-by: YOSHIFUJI Hideaki Signed-off-by: David S. Miller --- diff --git a/net/atm/clip.c b/net/atm/clip.c index 7ce7bfe3fba..7af2c411da8 100644 --- a/net/atm/clip.c +++ b/net/atm/clip.c @@ -500,9 +500,11 @@ static int clip_mkip(struct atm_vcc *vcc, int timeout) } else { unsigned int len = skb->len; + skb_get(skb); clip_push(vcc, skb); PRIV(skb->dev)->stats.rx_packets--; PRIV(skb->dev)->stats.rx_bytes -= len; + kfree_skb(skb); } return 0; }