[PATCH 5/7] Staging: Beceem: use after free in bcm_exit()
Dan Carpenter
error27 at gmail.com
Mon Dec 6 07:02:55 UTC 2010
We can't call class_destroy() until after the driver has been deregistered.
It leads to a NULL deref on module unload.
Signed-off-by: Dan Carpenter <error27 at gmail.com>
---
drivers/staging/bcm/InterfaceInit.c | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/bcm/InterfaceInit.c b/drivers/staging/bcm/InterfaceInit.c
index dd82940..b4d2256 100644
--- a/drivers/staging/bcm/InterfaceInit.c
+++ b/drivers/staging/bcm/InterfaceInit.c
@@ -658,9 +658,8 @@ static __init int bcm_init(void)
static __exit void bcm_exit(void)
{
- class_destroy(bcm_class);
-
usb_deregister(&usbbcm_driver);
+ class_destroy(bcm_class);
}
module_init(bcm_init);
--
1.7.3.2.146.gca209.dirty
More information about the devel
mailing list