Fwd: drivers/net/wireless/libertas/rx.c: use-after-free

Holger Schurig hs4233 at mail.mn-solutions.de
Sat Jun 30 15:14:53 EDT 2007

Hi Marcello,

see the attached message from Adrian bunk.

I've done a

   git-show 9012b28a407511fb355f6d2176a12d4653489672

and indeed I'm seeing the line

   skb->protocol = __constant_htons(0x0019);       /* ETH_P_80211_RAW */

You did the commit into the libertas-git tree for me.

However, I don't have the slightest clue how this line
made it into this patch. I suggested this patch in on
23rd February with the subject "patch to taylor debug
output", but the link to the git tree where the patch
was in is gone.

However, the above git-show did show a date of May, 25th.
How comes?  My patch was from February?!?!

And I'm quite sure that I didn't do anything in my
patch with skb->protocol. I hardly know anything about
skb's, just learnt recently for my if_cs.c file, so I
cannot imagine that I ever set any protocol field while
not knowing what's going on there. Did this line slip
in from your own code?

In rx.c before commit 9012b28a407511fb355f6d2176a12d4653489672,
there is no mentioning of skb->protocol at all. Do you
think the right fix is to simply remove this line?
-------------- next part --------------
An embedded message was scrubbed...
From: Adrian Bunk <bunk at stusta.de>
Subject: drivers/net/wireless/libertas/rx.c: use-after-free
Date: Fri, 29 Jun 2007 21:51:16 +0200
Size: 2849
Url: http://lists.infradead.org/pipermail/libertas-dev/attachments/20070630/da196d3b/attachment.mht 

More information about the libertas-dev mailing list