Skip to content
Snippets Groups Projects
Commit a6661da5 authored by Chenbo Feng's avatar Chenbo Feng Committed by Wei Wang
Browse files

ANDROID: qtaguid: Fix the UAF probelm with tag_ref_tree


When multiple threads is trying to tag/delete the same socket at the
same time, there is a chance the tag_ref_entry of the target socket to
be null before the uid_tag_data entry is freed. It is caused by the
ctrl_cmd_tag function where it doesn't correctly grab the spinlocks
when tagging a socket.

Signed-off-by: default avatarChenbo Feng <fengc@google.com>
Bug: 65853158
Change-Id: I5d89885918054cf835370a52bff2d693362ac5f0
parent 4d87c6eb
Branches
Tags
No related merge requests found
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment