author | Pekka Enberg <penberg@cs.helsinki.fi> | 2008-07-26 20:49:33 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-07-26 20:49:33 -0400 |
commit | 93bc4e89c260d91576840c4881d1066d84ccd422 (patch) | |
tree | 456176a054fc9a3fed18ac6ce50c7a34a86c5808 /include/linux | |
parent | 3918fed5f31213067c1c345bd904e1ea369e6819 (diff) |
netfilter: fix double-free and use-after free
As suggested by Patrick McHardy, introduce a __krealloc() that doesn't
free the original buffer to fix a double-free and use-after-free bug
introduced by me in netfilter that uses RCU.
Reported-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi>
Tested-by: Dieter Ries <clip2@gmx.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/slab.h | 1 |
1 files changed, 1 insertions, 0 deletions
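--- a/include/linux/slab.h
+++ b/include/linux/slab.h
@@ -96,6 +96,7 @@ int kmem_ptr_validate(struct kmem_cache *cachep, const void *ptr);
 /*
 * Common kmalloc functions provided by all allocators
 */
+void * __must_check __krealloc(const void *, size_t, gfp_t);
 void * __must_check krealloc(const void *, size_t, gfp_t);
 void kfree(const void *);
 size_t ksize(const void *);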
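Review bot: The `__krealloc()` declaration added at new line 99 carries no comment, yet its signature is identical to `krealloc()` directly below while, per the commit message, its ownership contract is the opposite: it does not free the original buffer. A caller who reads only this header can easily leak the old allocation or free it while RCU readers still hold it, which is the bug class this commit is fixing. I would put a short comment above the prototype, for example `/* __krealloc() never frees the old buffer: the caller owns it and must kfree() it itself, after an RCU grace period if readers may still reference it. */`. The definition is not part of this view (the diffstat is limited to include/linux), so whether it can hand back the original pointer unchanged cannot be confirmed here; if it can, the comment should also tell callers to compare the result with the old pointer before freeing.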