| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20230905101222.1725230-1-konstantin.meskhidze@huawei.com>
Date: Tue, 5 Sep 2023 18:12:22 +0800
From: Konstantin Meskhidze <konstantin.meskhidze@...wei.com>
To: <richard@....at>
CC: <chengzhihao1@...wei.com>, <linux-mtd@...ts.infradead.org>,
<linux-kernel@...r.kernel.org>, <yusongping@...wei.com>,
<artem.kuzin@...wei.com>
Subject: [PATCH] ubifs: fix possible dereference after free
'old_idx' could be dereferenced after free via 'rb_link_node' function
call.
Fixes: b5fda08ef213 ("ubifs: Fix memleak when insert_old_idx() failed")
Co-developed-by: Ivanov Mikhail <ivanov.mikhail1@...wei-partners.com>
Signed-off-by: Konstantin Meskhidze <konstantin.meskhidze@...wei.com>
---
fs/ubifs/tnc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/ubifs/tnc.c b/fs/ubifs/tnc.c
index 6b7d95b65f4b..f4728e65d1bd 100644
--- a/fs/ubifs/tnc.c
+++ b/fs/ubifs/tnc.c
@@ -64,8 +64,9 @@ static void do_insert_old_idx(struct ubifs_info *c,
p = &(*p)->rb_right;
else {
ubifs_err(c, "old idx added twice!");
kfree(old_idx);
+ return;
}
}
rb_link_node(&old_idx->rb, parent, p);
rb_insert_color(&old_idx->rb, &c->old_idx);
--
2.34.1
Powered by blists - more mailing lists