git.proxmox.com Git - mirror_ubuntu-disco-kernel.git/commit
cifs: Fix use-after-free in SMB2_write
author ZhangXiaoxu <zhangxiaoxu5@huawei.com>
Sat, 6 Apr 2019 07:47:38 +0000 (15:47 +0800)
committer Stefan Bader <stefan.bader@canonical.com>
Tue, 2 Jul 2019 10:07:53 +0000 (12:07 +0200)
commit 3ac28ba44c8ce515a4d57422341e41a7ad5fc26e
tree 14152e0bd366eec1f5e88cc85357690566a7f93d
parent 7d9d3e0bd60f6fda9cb76530d81efc550006a32a
cifs: Fix use-after-free in SMB2_write

BugLink: https://bugs.launchpad.net/bugs/1830922
commit 6a3eb3360667170988f8a6477f6686242061488a upstream.

There is a KASAN use-after-free:
BUG: KASAN: use-after-free in SMB2_write+0x1342/0x1580
Read of size 8 at addr ffff8880b6a8e450 by task ln/4196

Should not release the 'req' because it will be used in the trace.

Fixes: eccb4422cf97 ("smb3: Add ftrace tracepoints for improved SMB3 debugging")
Signed-off-by: ZhangXiaoxu <zhangxiaoxu5@huawei.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
CC: Stable <stable@vger.kernel.org> 4.18+
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
fs/cifs/smb2pdu.c
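
The ordering problem the commit message describes, as an added userspace illustration (not the kernel code and not part of the commit): a request buffer is released before a trace hook reads a field from it. All names here (write_req, req_release, trace_write_err, the one-slot pool and the poison byte) are hypothetical, and the pool is static so the stale read is deterministic instead of undefined.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical userspace model; names are illustrative, not the kernel's. */
#define POISON 0x6b   /* constructed poison byte written over a released buffer */

struct write_req { uint64_t persistent_fid; uint32_t length; };

static struct write_req pool_slot;   /* one-slot stand-in for a small-buffer pool */
static uint64_t last_traced_fid;     /* what the trace hook recorded */

static struct write_req *req_alloc(uint64_t fid, uint32_t len)
{
    pool_slot.persistent_fid = fid;
    pool_slot.length = len;
    return &pool_slot;
}

/* Release poisons the slot, so any later read is visibly stale. */
static void req_release(struct write_req *req) { memset(req, POISON, sizeof(*req)); }

/* Stand-in for a tracepoint that logs a field of the request. */
static void trace_write_err(const struct write_req *req) { last_traced_fid = req->persistent_fid; }

/* Ordering the commit message warns about: release first, then the trace reads req. */
static uint64_t write_release_then_trace(uint64_t fid)
{
    struct write_req *req = req_alloc(fid, 4096);
    req_release(req);
    trace_write_err(req);            /* reads released storage */
    return last_traced_fid;
}

/* Corrected ordering: trace while req is still live, release last. */
static uint64_t write_trace_then_release(uint64_t fid)
{
    struct write_req *req = req_alloc(fid, 4096);
    trace_write_err(req);
    req_release(req);
    return last_traced_fid;
}

int main(void)
{
    uint64_t fid = 0x1122334455667788ULL;   /* constructed sample file id */
    printf("release-then-trace: %#llx\n", (unsigned long long)write_release_then_trace(fid));
    printf("trace-then-release: %#llx\n", (unsigned long long)write_trace_then_release(fid));
    return 0;
}
```

In the first ordering the trace records the poison pattern instead of the file id, which is the kind of stale read KASAN reports as a use-after-free.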