dany/u-boot-megous
1
0
Fork 0
mirror of https://xff.cz/git/u-boot/ synced 2025-11-02 11:26:41 +01:00
Code Issues Packages Projects Releases Wiki Activity

net: phy: ncsi: fixed not nullify the pointers after free

Browse Source 
The issue occurs the UAF (use-after-free) to cause double free
when do the realloc function for the pointers during the
reinitialization NC-SI process, and it will cause the memory
management occurs error.
So, nullify these pointers after free.

Signed-off-by: Jacky Chou <jacky_chou@aspeedtech.com>
This commit is contained in:
Jacky Chou
2023-12-29 09:45:55 +08:00
committed by Tom Rini
parent ab8d9ca304
commit 22f314e01c
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
drivers/net/phy/ncsi.c
View File

@@ -619,9 +619,12 @@ static void ncsi_handle_aen(struct ip_udp_hdr *ip, unsigned int len)
/* Link or configuration lost - just redo the discovery process */
ncsi_priv->state = NCSI_PROBE_PACKAGE_SP;
for (i = 0; i < ncsi_priv->n_packages; i++)
for (i = 0; i < ncsi_priv->n_packages; i++) {
free(ncsi_priv->packages[i].channels);
ncsi_priv->packages[i].channels = NULL;
}
free(ncsi_priv->packages);
ncsi_priv->packages = NULL;
ncsi_priv->n_packages = 0;
ncsi_priv->current_package = NCSI_PACKAGE_MAX;