diff options
author | Guillaume Nault <g.nault@alphalink.fr> | 2016-03-14 21:17:16 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2016-03-16 19:35:06 -0400 |
commit | e8e56ffd9d2973398b60ece1f1bebb8d67b4d032 (patch) | |
tree | 06154afcd07d48f65e66a388f0f8634efdd6cfbf /firmware | |
parent | Merge branch 'arc_emac-next' (diff) | |
download | linux-dev-e8e56ffd9d2973398b60ece1f1bebb8d67b4d032.tar.xz linux-dev-e8e56ffd9d2973398b60ece1f1bebb8d67b4d032.zip |
ppp: ensure file->private_data can't be overridden
Locking ppp_mutex must be done before dereferencing file->private_data,
otherwise it could be modified before ppp_unattached_ioctl() takes the
lock. This could lead ppp_unattached_ioctl() to override ->private_data,
thus leaking reference to the ppp_file previously pointed to.
v2: lock all ppp_ioctl() instead of just checking private_data in
ppp_unattached_ioctl(), to avoid ambiguous behaviour.
Fixes: f3ff8a4d80e8 ("ppp: push BKL down into the driver")
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'firmware')
0 files changed, 0 insertions, 0 deletions