CIFS: fix use-after-free of the lease keys - blaster4385/linux-IllusionX - Linux kernel with personal config changes for arch linux

diff options

author	Aurelien Aptel <[email protected]>	2019-01-31 13:46:07 +0100
committer	Steve French <[email protected]>	2019-01-31 07:03:20 -0600
commit	d339adc12a4f885b572c5412e4869af8939db854 (patch)
tree	44cd5a49b6e7aadd4cb5bef580ff03164f43344a /net/lapb/lapb_subr.c
parent	082aaa8700415f6471ec9c5ef0c8307ca214989a (diff)

CIFS: fix use-after-free of the lease keys

The request buffers are freed right before copying the pointers. Use the func args instead which are identical and still valid. Simple reproducer (requires KASAN enabled) on a cifs mount: echo foo > foo ; tail -f foo & rm foo Cc: <[email protected]> # 4.20 Fixes: 179e44d49c2f ("smb3: add tracepoint for sending lease break responses to server") Signed-off-by: Aurelien Aptel <[email protected]> Signed-off-by: Steve French <[email protected]> Reviewed-by: Paulo Alcantara <[email protected]>

Diffstat (limited to 'net/lapb/lapb_subr.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: