leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
7913690dcc
linux/net/9p
History
Tomas Bortoli 7913690dcc net/9p/client.c: version pointer uninitialized 
The p9_client_version() does not initialize the version pointer. If the
call to p9pdu_readf() returns an error and version has not been allocated
in p9pdu_readf(), then the program will jump to the "error" label and will
try to free the version pointer. If version is not initialized, free()
will be called with uninitialized, garbage data and will provoke a crash.

Link: http://lkml.kernel.org/r/20180709222943.19503-1-tomasbortoli@gmail.com
Signed-off-by: Tomas Bortoli <tomasbortoli@gmail.com>
Reported-by: syzbot+65c6b72f284a39d416b4@syzkaller.appspotmail.com
Reviewed-by: Jun Piao <piaojun@huawei.com>
Reviewed-by: Yiwen Jiang <jiangyiwen@huawei.com>
Cc: Eric Van Hensbergen <ericvh@gmail.com>
Cc: Ron Minnich <rminnich@sandia.gov>
Cc: Latchesar Ionkov <lucho@ionkov.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Cc: stable@vger.kernel.org
Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
2018-08-13 09:21:44 +09:00
..
client.c net/9p/client.c: version pointer uninitialized 2018-08-13 09:21:44 +09:00
error.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
Kconfig IB: Revert "remove redundant INFINIBAND kconfig dependencies" 2018-05-28 10:40:16 -06:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mod.c net/9p: correct the variable name in v9fs_get_trans_by_name() comment 2018-05-07 23:38:15 -04:00
protocol.c 9p/net/protocol.c: return -ENOMEM when kmalloc() failed 2018-08-13 09:21:44 +09:00
protocol.h net/9p: Convert net/9p protocol dumps to tracepoints 2011-10-24 11:13:12 -05:00
trans_common.c net/9p: correct some comment errors in 9p file system code 2018-05-10 08:21:53 -04:00
trans_common.h net/9p: remove (now-)unused helpers 2015-04-11 22:28:29 -04:00
trans_fd.c Merge branch 'work.aio-1' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2018-06-04 13:57:43 -07:00
trans_rdma.c net/9p: correct some comment errors in 9p file system code 2018-05-10 08:21:53 -04:00
trans_virtio.c net/9p: fix error path of p9_virtio_probe 2018-08-13 09:21:44 +09:00
trans_xen.c net/9p/trans_xen.c: don't inclide rwlock.h directly 2018-06-07 17:34:34 -07:00
util.c net/9p: convert to idr_alloc() 2013-02-27 19:10:20 -08:00