]> git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
projects / thirdparty / kernel / stable.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3c42cc4)
ubifs: fix possible dereference after free
authorKonstantin Meskhidze <konstantin.meskhidze@huawei.com>
Tue, 5 Sep 2023 10:12:22 +0000 (18:12 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 1 Jan 2024 12:39:06 +0000 (12:39 +0000)
[ Upstream commit d81efd66106c03771ffc8637855a6ec24caa6350 ]

'old_idx' could be dereferenced after free via 'rb_link_node' function
call.

Fixes: b5fda08ef213 ("ubifs: Fix memleak when insert_old_idx() failed")
Co-developed-by: Ivanov Mikhail <ivanov.mikhail1@huawei-partners.com>
Signed-off-by: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
fs/ubifs/tnc.c patch | blob | blame | history

diff --git a/fs/ubifs/tnc.c b/fs/ubifs/tnc.c
index 6b7d95b65f4b635709f31d0c37c2e1e9a45cba48..f4728e65d1bda4d4838b4373de92df76f3c2a4ae 100644 (file)
--- a/fs/ubifs/tnc.c
+++ b/fs/ubifs/tnc.c
@@ -65,6 +65,7 @@ static void do_insert_old_idx(struct ubifs_info *c,
                else {
                        ubifs_err(c, "old idx added twice!");
                        kfree(old_idx);
+                       return;
                }
        }
        rb_link_node(&old_idx->rb, parent, p);
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git