Re: [PATCH] VSOCK: fix vhost virtio_vsock_pkt use-after-free

On Thu, Aug 04, 2016 at 07:34:43PM +0300, Michael S. Tsirkin wrote: > On Thu, Aug 04, 2016 at 02:52:53PM +0100, Stefan Hajnoczi wrote: > > Stash the packet length in a local variable before handing over > > ownership of the packet to virtio_transport_recv_pkt() or > > virtio_transport_free_pkt(). >

Re: [PATCH] VSOCK: fix vhost virtio_vsock_pkt use-after-free

On Thu, Aug 04, 2016 at 02:52:53PM +0100, Stefan Hajnoczi wrote: > Stash the packet length in a local variable before handing over > ownership of the packet to virtio_transport_recv_pkt() or > virtio_transport_free_pkt(). > > This patch solves the use-after-free since pkt is no longer guaranteed >

[PATCH] VSOCK: fix vhost virtio_vsock_pkt use-after-free

Stash the packet length in a local variable before handing over ownership of the packet to virtio_transport_recv_pkt() or virtio_transport_free_pkt(). This patch solves the use-after-free since pkt is no longer guaranteed to be alive. Reported-by: Dan Carpenter Signed-off-by: Stefan Hajnoczi --