We use cookies to ensure you get the best experience on our website
Página Principal Explorar Ajuda
Registe-se Iniciar Sessão
0ct0pu5
/
ladybird
1
0
Fork 0
Ficheiros Problemas 0 Pull Requests 0 Wiki
Ver Fonte

Kernel/USB: Remove UAF in device removal

I was using a raw pointer instead of a RefPtr to keep the device alive
during removal.
Luke há 4 anos atrás
pai
a548366425
commit
51b6bd8d95
1 ficheiros alterados com 2 adições e 2 exclusões
Visão Dividida Mostrar Estatísticas Diff
  1. 2 2
      Kernel/Bus/USB/USBHub.cpp

+ 2 - 2
Kernel/Bus/USB/USBHub.cpp
Ver Ficheiro 

@@ -297,7 +297,7 @@ void Hub::check_for_port_updates()
 
             } else {
 
                 dbgln("USB Hub: Device detached on port {}!", port_number);
 
 
-                Device* device_to_remove = nullptr;
 
+                RefPtr<Device> device_to_remove = nullptr;
 
                 for (auto& child : m_children) {
 
                     if (port_number == child.port()) {
 
                         device_to_remove = &child;
 
@@ -310,7 +310,7 @@ void Hub::check_for_port_updates()
 
                     SysFSUSBBusDirectory::the().unplug(*device_to_remove);
 
 
                     if (device_to_remove->device_descriptor().device_class == USB_CLASS_HUB) {
 
-                        auto* hub_child = static_cast<Hub*>(device_to_remove);
 
+                        auto* hub_child = static_cast<Hub*>(device_to_remove.ptr());
 
                         hub_child->remove_children_from_sysfs();
 
                     }
 
                 } else {

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5