lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 25 Dec 2010 19:17:02 +0100 (CET) From: Jesper Juhl <jj@...osbits.net> To: ceph-devel@...r.kernel.org cc: linux-kernel@...r.kernel.org, netdev@...r.kernel.org, Sage Weil <sage@...dream.net>, "David S. Miller" <davem@...emloft.net> Subject: [PATCH] Ceph: Fix a use-after-free bug in ceph_destroy_client(). Hello, In net/ceph/ceph_common.c::ceph_destroy_client() the pointer 'client' is freed by kfree() and subsequently used in a call to dout() - use after free bug. Easily fixed by simply moving the kfree() call after the dout() call. Signed-off-by: Jesper Juhl <jj@...osbits.net> --- ceph_common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/ceph/ceph_common.c b/net/ceph/ceph_common.c index f3e4a13..890bbbf 100644 --- a/net/ceph/ceph_common.c +++ b/net/ceph/ceph_common.c @@ -408,8 +408,8 @@ void ceph_destroy_client(struct ceph_client *client) ceph_destroy_options(client->options); - kfree(client); dout("destroy_client %p done\n", client); + kfree(client); } EXPORT_SYMBOL(ceph_destroy_client); -- Jesper Juhl <jj@...osbits.net> http://www.chaosbits.net/ Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html Plain text mails only, please. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists