GitHub-Mirror/linux-bl808
2
0
Fork 0
mirror of https://github.com/Fishwaldo/linux-bl808.git synced 2025-03-18 04:54:52 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

cifsd: Fix a use after free on error path

Browse source 
The ksmbd_free_work_struct() frees "work" so we need to swap the order
of these two function calls to avoid a use after free.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
This commit is contained in:
Dan Carpenter 2021-03-18 16:12:54 +03:00 committed by Steve French
parent 8ef3296706
commit a2ba2709f5
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
fs/cifsd/oplock.c
View file

@ -638,8 +638,8 @@ static void __smb2_oplock_break_noti(struct work_struct *wk)
if (allocate_oplock_break_buf(work)) {
ksmbd_err("smb2_allocate_rsp_buf failed! ");
atomic_dec(&conn->r_count);
ksmbd_free_work_struct(work);
ksmbd_fd_put(work, fp);
ksmbd_free_work_struct(work);
return;
}