!6082 can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER)

	int ifindex;

	struct j1939_addr addr;

	spinlock_t filters_lock;

	struct j1939_filter *filters;

	int nfilters;

	pgn_t pgn_rx_filter;

static bool j1939_sk_match_filter(struct j1939_sock *jsk,

				  const struct j1939_sk_buff_cb *skcb)

{

	const struct j1939_filter *f = jsk->filters;

	int nfilter = jsk->nfilters;

	const struct j1939_filter *f;

	int nfilter;

	spin_lock_bh(&jsk->filters_lock);

	f = jsk->filters;

	nfilter = jsk->nfilters;

	if (!nfilter)

		/* receive all when no filters are assigned */

		return true;

		goto filter_match_found;

	for (; nfilter; ++f, --nfilter) {

		if ((skcb->addr.pgn & f->pgn_mask) != f->pgn)

			continue;

		if ((skcb->addr.src_name & f->name_mask) != f->name)

			continue;

		return true;

		goto filter_match_found;

	}

	spin_unlock_bh(&jsk->filters_lock);

	return false;

filter_match_found:

	spin_unlock_bh(&jsk->filters_lock);

	return true;

}

static bool j1939_sk_recv_match_one(struct j1939_sock *jsk,

	atomic_set(&jsk->skb_pending, 0);

	spin_lock_init(&jsk->sk_session_queue_lock);

	INIT_LIST_HEAD(&jsk->sk_session_queue);

	spin_lock_init(&jsk->filters_lock);

	/* j1939_sk_sock_destruct() depends on SOCK_RCU_FREE flag */

	sock_set_flag(sk, SOCK_RCU_FREE);

		}

		lock_sock(&jsk->sk);

		spin_lock_bh(&jsk->filters_lock);

		ofilters = jsk->filters;

		jsk->filters = filters;

		jsk->nfilters = count;

		spin_unlock_bh(&jsk->filters_lock);

		release_sock(&jsk->sk);

		kfree(ofilters);

		return 0;