| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190523181723.408443846@linuxfoundation.org>
Date: Thu, 23 May 2019 21:05:40 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org, Lars Persson <lists@...h.nu>,
Ronnie Sahlberg <lsahlber@...hat.com>,
Pavel Shilovsky <pshilov@...rosoft.com>,
Steve French <stfrench@...rosoft.com>,
Sasha Levin <alexander.levin@...rosoft.com>
Subject: [PATCH 4.14 22/77] Revert "cifs: fix memory leak in SMB2_read"
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
This reverts commit c54a881d793e3eea2a1b1460c5778b22128821ea which is
commit 05fd5c2c61732152a6bddc318aae62d7e436629b upstream.
Lars writes:
This patch should not be in 4.14-stable because
088aaf17aa79300cab14dbee2569c58cfafd7d6e was for 4.18+.
Now we have a double-free crash in SMB2_read because there are 2
calls to cifs_small_buf_release in the error path.
It was a mistake to backport it this far, so let's revert it.
Reported-by: Lars Persson <lists@...h.nu>
Cc: Ronnie Sahlberg <lsahlber@...hat.com>
Cc: Pavel Shilovsky <pshilov@...rosoft.com>
Cc: Steve French <stfrench@...rosoft.com>
Cc: Sasha Levin <alexander.levin@...rosoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
---
fs/cifs/smb2pdu.c | 1 -
1 file changed, 1 deletion(-)
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -2699,7 +2699,6 @@ SMB2_read(const unsigned int xid, struct
cifs_dbg(VFS, "Send error in read = %d\n", rc);
}
free_rsp_buf(resp_buftype, rsp_iov.iov_base);
- cifs_small_buf_release(req);
return rc == -ENODATA ? 0 : rc;
}
Powered by blists - more mailing lists