
File position is not controlled, it may lead to overwrites of arbitrary kernel memory. Also the code may kfree() the same pointer multiple times.

One more flaw is still present: if multiple processes open the file then all 3 static variables are shared, leading to various race conditions. They should be moved to file->private_data.

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Reviewed-by: WANG Cong <xiyou.wangcong@gmail.com>
Reviewed-by: Eugene Teo <eugeneteo@kernel.org>
Cc: stable@kernel.org
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
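A user-space C model of the three points the commit message raises, added here as an illustration and not taken from the patch or the kernel source: the write handler validates the file position before copying, the release path clears the pointer after freeing it, and state lives in a per-open structure rather than in statics. The names `open_state`, `state_open`, `state_write`, `state_release` and the size `BUF_SIZE` are hypothetical.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

#define BUF_SIZE 64 /* constructed buffer size for this model */

/* Per-open state: the analogue of hanging data off file->private_data
 * instead of sharing static variables between every opener. */
struct open_state {
    char *buf;
    size_t len;
};

struct open_state *state_open(void)
{
    struct open_state *st = calloc(1, sizeof(*st));
    if (!st)
        return NULL;
    st->buf = calloc(1, BUF_SIZE);
    if (!st->buf) {
        free(st);
        return NULL;
    }
    return st;
}

/* Model of a write handler: *ppos is caller-controlled, so it is checked
 * against the buffer bounds before it is used as an offset. */
ssize_t state_write(struct open_state *st, const char *src, size_t count,
                    long long *ppos)
{
    if (!st || !st->buf)
        return -EINVAL;
    if (*ppos < 0 || *ppos >= BUF_SIZE)
        return -EINVAL;                 /* position outside the buffer */
    size_t room = BUF_SIZE - (size_t)*ppos;
    if (count > room)
        count = room;                   /* clamp to the space that is left */
    memcpy(st->buf + *ppos, src, count);
    *ppos += (long long)count;
    if ((size_t)*ppos > st->len)
        st->len = (size_t)*ppos;
    return (ssize_t)count;
}

/* Free once and clear the pointer, so a repeated call frees nothing. */
void state_release(struct open_state *st)
{
    if (!st)
        return;
    free(st->buf);
    st->buf = NULL;
    st->len = 0;
}
```
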