linux-hardened/drivers/firewire
Stefan Richter 10a4c73551 firewire: fix panic in handle_at_packet
This fixes a use-after-free bug in the handling of split transactions.
The AT DMA handler of the request was occasionally executed after the
AR DMA handler of the response.  The AT DMA handler then accessed an
already freed packet.

Reported by Johannes Berg.
http://bugzilla.kernel.org/show_bug.cgi?id=9617

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Tested-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Jarod Wilson <jwilson@redhat.com>
2008-03-20 18:13:05 +01:00
..
fw-card.c firewire: fix crash in automatic module unloading 2008-03-02 12:35:46 +01:00
fw-cdev.c firewire: fix NULL pointer deref. and resource leak 2008-02-21 19:05:56 +01:00
fw-device.c firewire: fix crash in automatic module unloading 2008-03-02 12:35:46 +01:00
fw-device.h firewire: fix crash in automatic module unloading 2008-03-02 12:35:46 +01:00
fw-iso.c firewire: Clean up comment style. 2007-05-10 18:24:13 +02:00
fw-ohci.c firewire: fw-ohci: shut up false compiler warning on PPC32 2008-03-14 00:57:00 +01:00
fw-ohci.h firewire: fw-ohci: check for misconfigured bus (phyID == 63) 2007-10-17 00:00:08 +02:00
fw-sbp2.c firewire: fw-sbp2: fix for SYM13FW500 bridge (Datafab disk) 2008-03-14 00:56:59 +01:00
fw-topology.c firewire: warn on fatal condition in topology code 2008-03-14 00:56:59 +01:00
fw-topology.h firewire: a header cleanup 2007-10-17 00:00:09 +02:00
fw-transaction.c firewire: fix panic in handle_at_packet 2008-03-20 18:13:05 +01:00
fw-transaction.h firewire: endianess annotations 2008-03-14 00:56:58 +01:00
Kconfig firewire: update Kconfig help text 2008-03-14 00:56:59 +01:00
Makefile firewire: prefix modules with firewire- instead of fw- 2007-05-27 23:21:01 +02:00