From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Sat, 30 Dec 2023 11:45:39 +0000 (+0000)
Subject: 5.10-stable patches
X-Git-Tag: v6.1.70~3
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=74dfdcf68f28151001ea599ec30ad0652efdfd1f;p=thirdparty%2Fkernel%2Fstable-queue.git

5.10-stable patches

added patches:
	9p-net-fix-possible-memory-leak-in-p9_check_errors.patch
---

diff --git a/queue-5.10/9p-net-fix-possible-memory-leak-in-p9_check_errors.patch b/queue-5.10/9p-net-fix-possible-memory-leak-in-p9_check_errors.patch
new file mode 100644
index 00000000000..a67ad8f4504
--- /dev/null
+++ b/queue-5.10/9p-net-fix-possible-memory-leak-in-p9_check_errors.patch
@@ -0,0 +1,45 @@
+From ce07087964208eee2ca2f9ee4a98f8b5d9027fe6 Mon Sep 17 00:00:00 2001
+From: Hangyu Hua <hbh25y@gmail.com>
+Date: Fri, 27 Oct 2023 11:03:02 +0800
+Subject: 9p/net: fix possible memory leak in p9_check_errors()
+
+From: Hangyu Hua <hbh25y@gmail.com>
+
+commit ce07087964208eee2ca2f9ee4a98f8b5d9027fe6 upstream.
+
+When p9pdu_readf() is called with "s?d" attribute, it allocates a pointer
+that will store a string. But when p9pdu_readf() fails while handling "d"
+then this pointer will not be freed in p9_check_errors().
+
+Fixes: 51a87c552dfd ("9p: rework client code to use new protocol support functions")
+Reviewed-by: Christian Schoenebeck <linux_oss@crudebyte.com>
+Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
+Message-ID: <20231027030302.11927-1-hbh25y@gmail.com>
+Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=218235
+Signed-off-by: Alexey Panov <apanov@astralinux.ru>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/9p/client.c |    7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/net/9p/client.c
++++ b/net/9p/client.c
+@@ -520,11 +520,14 @@ static int p9_check_errors(struct p9_cli
+ 		return 0;
+ 
+ 	if (!p9_is_proto_dotl(c)) {
+-		char *ename;
++		char *ename = NULL;
++
+ 		err = p9pdu_readf(&req->rc, c->proto_version, "s?d",
+ 				  &ename, &ecode);
+-		if (err)
++		if (err) {
++			kfree(ename);
+ 			goto out_err;
++		}
+ 
+ 		if (p9_is_proto_dotu(c) && ecode < 512)
+ 			err = -ecode;
diff --git a/queue-5.10/series b/queue-5.10/series
index 9ba0d6a7f75..b3fe8ff7868 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -48,3 +48,4 @@ tracing-synthetic-disable-events-after-testing-in-synth_event_gen_test_init.patc
 bus-ti-sysc-flush-posted-write-only-after-srst_udelay.patch
 lib-vsprintf-fix-pfwf-when-current-node-refcount-0.patch
 x86-alternatives-sync-core-before-enabling-interrupts.patch
+9p-net-fix-possible-memory-leak-in-p9_check_errors.patch