android_kernel_zuk_msm8996.git

diff options

author	Cong Wang <xiyou.wangcong@gmail.com>	2020-01-10 11:53:08 -0800
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2020-01-23 08:18:40 +0100
commit	629ae6077258ed01dc5ee66b242cb0c87593c0cb (patch)
tree	06a24409695b7851fac69db5b859b84167a7c294 /net/ipv4/tcp_input.c
parent	c51977ac593a903b9d6b08d5354d82e3e0c1f690 (diff)

netfilter: fix a use-after-free in mtype_destroy()

commit c120959387efa51479056fd01dc90adfba7a590c upstream. map->members is freed by ip_set_free() right before using it in mtype_ext_cleanup() again. So we just have to move it down. Reported-by: syzbot+4c3cc6dbe7259dbf9054@syzkaller.appspotmail.com Fixes: 40cd63bf33b2 ("netfilter: ipset: Support extensions which need a per data destroy function") Acked-by: Jozsef Kadlecsik <kadlec@netfilter.org> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'net/ipv4/tcp_input.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: