Re: [PATCH v2] tun: fix use-after-free when register netdev failed

On 2019/8/19 11:17, Jason Wang wrote: On 2019/8/16 下午7:00, Yang Yingliang wrote: [...] INIT_LIST_HEAD(&tun->disabled); - err = tun_attach(tun, file, false, ifr->ifr_flags & IFF_NAPI, -ifr->ifr_flags & IFF_NAPI_FRAGS); - if (e

Re: [PATCH v2] tun: fix use-after-free when register netdev failed

On 2019/8/16 下午7:00, Yang Yingliang wrote: > I got a UAF repport in tun driver when doing fuzzy test: > > [ 466.269490] > == > [ 466.271792] BUG: KASAN: use-after-free in tun_chr_read_iter+0x2ca/0x2d0 > [ 466.271806] Read of size

[PATCH v2] tun: fix use-after-free when register netdev failed

I got a UAF repport in tun driver when doing fuzzy test: [ 466.269490] == [ 466.271792] BUG: KASAN: use-after-free in tun_chr_read_iter+0x2ca/0x2d0 [ 466.271806] Read of size 8 at addr 888372139250 by task tun-test/2699 [ 466