Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2997ea7d authored by Chenbo Feng's avatar Chenbo Feng Committed by Srinivasa Rao Kuppala
Browse files

ANDROID: qtaguid: Fix the UAF probelm with tag_ref_tree 



When multiple threads is trying to tag/delete the same socket at the
same time, there is a chance the tag_ref_entry of the target socket to
be null before the uid_tag_data entry is freed. It is caused by the
ctrl_cmd_tag function where it doesn't correctly grab the spinlocks
when tagging a socket.

Signed-off-by: default avatarChenbo Feng <fengc@google.com>
Bug: 65853158
Change-Id: I5d89885918054cf835370a52bff2d693362ac5f0
Git-repo: https://android.googlesource.com/kernel/msm


Git-commit: a6661da56dc61b67cc65222b71896a775ceb17be
Signed-off-by: default avatarDennis Cagle <dcagle@codeaurora.org>
parent 79655550
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment