Re: [PATCH net v3] net: ravb: Fix possible UAF bug in ravb_remove
From: Zheng Hacker
Date: Mon Jul 17 2023 - 09:22:11 EST
Lee Jones <lee@xxxxxxxxxx> 于2023年7月17日周一 21:04写道:
>
> On Sun, 16 Jul 2023, Zheng Hacker wrote:
> > Zheng Hacker <hackerzheng666@xxxxxxxxx> 于2023年7月16日周日 10:11写道:
> > >
> > > Hello,
> > >
> > > This bug is found by static analysis. I'm sorry that my friends apply
> > > for a CVE number before we really fix it. We made a list about the
> > > bugs we have submitted and wouldn't disclose them before the fix. But
> > > we had a inconsistent situation last month. And we applied it by
> > > mistake foe we thought we had fixed it. And so sorry about my late
> > > reply, I'll see the patch right now.
> > >
> > > Best regards,
> > > Zheng Wang
> > >
> > > Sergey Shtylyov <s.shtylyov@xxxxxx> 于2023年7月16日周日 04:48写道:
> > > >
> > > > On 7/15/23 7:07 PM, Zheng Hacker wrote:
> > > >
> > > > > Sorry for my late reply. I'll see what I can do later.
> > > >
> > > > That's good to hear!
> > > > Because I'm now only able to look at it during weekends...
> > > >
> > > > > Lee Jones <lee@xxxxxxxxxx> 于2023年7月12日周三 19:56写道:
> > > > >>
> > > > >> On Mon, 10 Jul 2023, Jakub Kicinski wrote:
> > > > >>
> > > > >>> On Mon, 10 Jul 2023 12:42:53 +0100 Lee Jones wrote:
> > > > >>>> For better or worse, it looks like this issue was assigned a CVE.
> > > > >>>
> > > > >>> Ugh, what a joke.
> > > > >>
> > > > >> I think that's putting it politely. :)
> >
> > After reviewing the code, I think it's better to put the code in
> > ravb_remove. For the ravb_remove is bound with the device and
> > ravb_close is bound with the file. We may not call ravb_close if
> > there's no file opened.
>
> When you do submit this, would you be kind enough to Cc me please?
>
Oh sorry for my rudeness. I use reply to all in gmail and it didn't
add new people from conversation.
MBR,
Zheng
> --
> Lee Jones [李琼斯]