| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <939c0385-8663-91a2-df20-920f264a2aa1@huawei.com>
Date: Wed, 6 Sep 2023 09:42:27 +0800
From: Zhihao Cheng <chengzhihao1@...wei.com>
To: Konstantin Meskhidze <konstantin.meskhidze@...wei.com>,
<richard@....at>
CC: <linux-mtd@...ts.infradead.org>, <linux-kernel@...r.kernel.org>,
<yusongping@...wei.com>, <artem.kuzin@...wei.com>
Subject: Re: [PATCH] ubifs: fix possible dereference after free
在 2023/9/5 18:12, Konstantin Meskhidze 写道:
> 'old_idx' could be dereferenced after free via 'rb_link_node' function
> call.
>
> Fixes: b5fda08ef213 ("ubifs: Fix memleak when insert_old_idx() failed")
> Co-developed-by: Ivanov Mikhail <ivanov.mikhail1@...wei-partners.com>
> Signed-off-by: Konstantin Meskhidze <konstantin.meskhidze@...wei.com>
> ---
> fs/ubifs/tnc.c | 1 +
> 1 file changed, 1 insertion(+)
>
Only for static alarms,although it couldn't happen in theory.
Reviewed-by: Zhihao Cheng <chengzhihao1@...wei.com>
> diff --git a/fs/ubifs/tnc.c b/fs/ubifs/tnc.c
> index 6b7d95b65f4b..f4728e65d1bd 100644
> --- a/fs/ubifs/tnc.c
> +++ b/fs/ubifs/tnc.c
> @@ -64,8 +64,9 @@ static void do_insert_old_idx(struct ubifs_info *c,
> p = &(*p)->rb_right;
> else {
> ubifs_err(c, "old idx added twice!");
> kfree(old_idx);
> + return;
> }
> }
> rb_link_node(&old_idx->rb, parent, p);
> rb_insert_color(&old_idx->rb, &c->old_idx);
>
Powered by blists - more mailing lists