ACPI / debugfs: Fix buffer overflows, double free
author Vasiliy Kulikov <segoon@openwall.com>
Sat, 19 Feb 2011 13:18:08 +0000 (14:18 +0100)
committer Rafael J. Wysocki <rjw@sisk.pl>
Thu, 24 Feb 2011 18:59:06 +0000 (19:59 +0100)
File position is not controlled, it may lead to overwrites of arbitrary
kernel memory.  Also the code may kfree() the same pointer multiple
times.

One more flaw is still present: if multiple processes open the file then
all 3 static variables are shared, leading to various race conditions.
They should be moved to file->private_data.

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Reviewed-by: WANG Cong <xiyou.wangcong@gmail.com>
Reviewed-by: Eugene Teo <eugeneteo@kernel.org>
Cc: stable@kernel.org
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
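
A userspace model of the two checks the message above describes (a bounded, wrap-safe file position and a pointer cleared after it is freed), added here as an illustration and not the kernel patch itself. `struct stage`, `stage_write`, the `total` parameter and the 4096-byte cap are hypothetical names and values; the per-open struct follows the message's suggestion to keep state in file->private_data.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-open state (one instance per open file, not static). */
struct stage {
    char  *buf;        /* staging buffer, NULL when none is allocated */
    size_t max_size;   /* size of the allocation behind buf */
    size_t remaining;  /* bytes still expected before the data is consumed */
};

/* Model of a write handler; *pos is the caller-controlled file position. */
long stage_write(struct stage *s, const char *src, size_t count,
                 size_t *pos, size_t total)
{
    if (*pos == 0) {                       /* first chunk: (re)start staging */
        if (total == 0 || total > 4096)    /* constructed upper bound */
            return -EINVAL;
        free(s->buf);                      /* free(NULL) is a no-op */
        s->buf = malloc(total);
        if (!s->buf)
            return -ENOMEM;
        s->max_size = total;
        s->remaining = total;
    }
    if (s->buf == NULL)                    /* nothing staged at this offset */
        return -EINVAL;
    /* Subtract instead of adding so *pos + count cannot wrap around. */
    if (*pos > s->max_size || count > s->max_size - *pos ||
        count > s->remaining)
        return -EINVAL;
    memcpy(s->buf + *pos, src, count);
    *pos += count;
    s->remaining -= count;
    if (s->remaining == 0) {               /* data complete: consume and release */
        free(s->buf);
        s->buf = NULL;                     /* a later call cannot free it again */
    }
    return (long)count;
}

int main(void)
{
    struct stage s = {0};
    size_t pos = 0, far = 1u << 20;        /* constructed offsets */
    long ok  = stage_write(&s, "abcd", 4, &pos, 8);
    long bad = stage_write(&s, "x", 1, &far, 8);
    free(s.buf);
    return !(ok == 4 && bad == -EINVAL);
}
```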
