[PATCH] Fix use-after-free when trying to load an invalid module

Luca Barbieri (lb@lb.ods.org)
14 Jun 2003 14:08:32 +0200


mod->module_core contains the mod structure, so it must be freed after
mod->percpu.
However, initialization happens in the opposite order because mod is
moved after that, so we need to initialize module_core to 0 and check it
later.

--- linux-2.5.70/kernel/module.c~ 2003-06-02 10:50:57.000000000 +0200
+++ linux-2.5.70/kernel/module.c 2003-06-11 18:08:47.000000000 +0200
@@ -1417,6 +1417,7 @@ static struct module *load_module(void _
if (err < 0)
goto free_mod;

+ mod->module_core = NULL;
if (pcpuindex) {
/* We have a special allocation for this section. */
mod->percpu = percpu_modalloc(sechdrs[pcpuindex].sh_size,
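Review bot: the `mod->module_core = NULL;` store is placed just before the percpu allocation, so it only covers the error path if no `goto free_percpu` (or `goto free_core`) can run before this line; the commit message itself notes that `mod` is moved later, which is exactly why relying on position is fragile. Consider instead clearing `mod->module_core` (and any other pointer released on the error path) immediately after `mod` is first located in the image, or zeroing the dynamically filled fields in one place, so the invariant "unset pointers are NULL on the error path" does not have to be re-verified whenever allocations are reordered.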
@@ -1565,10 +1566,12 @@ static struct module *load_module(void _
module_unload_free(mod);
module_free(mod, mod->module_init);
free_core:
- module_free(mod, mod->module_core);
free_percpu:
if (mod->percpu)
percpu_modfree(mod->percpu);
+
+ if(mod->module_core)
+ module_free(mod, mod->module_core);
free_mod:
kfree(args);
free_hdr:
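Review bot: `if(mod->module_core)` needs a space after `if` to match the surrounding code and Documentation/CodingStyle. With `module_free(mod, mod->module_core)` moved below `free_percpu:`, the `free_core:` label now has no statement of its own and falls straight into `free_percpu:`, so the two labels are equivalent; either retarget the `goto free_core` sites to `free_percpu`, or keep the label and add a one-line comment stating that the core is deliberately released last because `mod` itself lives inside `mod->module_core`. The ordering is correct as written: nothing between the `module_free` and `free_mod:` touches `mod` (only `kfree(args)` follows), which is what makes freeing the core last safe.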

-- 
Luca Barbieri <lb@lb.ods.org>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/