Details
[Home]
Issue of the Implementation # L0162
Brief
farsync: fix invalid memory accesses in fst_add_one() and fst_init_card()
Detailed Description
There are several issues in fst_add_one() and fst_init_card():
- invalid pointer dereference at card->ports[card->nports - 1] if register_hdlc_device() fails for the first port in fst_init_card();
- fst_card_array overflow at fst_card_array[no_of_cards_added] because there is no checks for array overflow;
- use after free because pointer to deallocated card is left in fst_card_array if something fails after fst_card_array[no_of_cards_added] = card;
- several leaks on failure paths in fst_add_one().
Component
linux-kernel 3.15
Accepted
https://lkml.org/lkml/2014/7/10/676
commit
Status
Fixed in kernel 3.16-rc6
[Home]
»