Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c53310d0 authored by Tomas Bortoli's avatar Tomas Bortoli Committed by Greg Kroah-Hartman
Browse files

net/9p/client.c: version pointer uninitialized 

commit 7913690dcc5e18e235769fd87c34143072f5dbea upstream.

The p9_client_version() does not initialize the version pointer. If the
call to p9pdu_readf() returns an error and version has not been allocated
in p9pdu_readf(), then the program will jump to the "error" label and will
try to free the version pointer. If version is not initialized, free()
will be called with uninitialized, garbage data and will provoke a crash.

Link: http://lkml.kernel.org/r/20180709222943.19503-1-tomasbortoli@gmail.com


Signed-off-by: default avatarTomas Bortoli <tomasbortoli@gmail.com>
Reported-by: default avatar <syzbot+65c6b72f284a39d416b4@syzkaller.appspotmail.com>
Reviewed-by: default avatarJun Piao <piaojun@huawei.com>
Reviewed-by: default avatarYiwen Jiang <jiangyiwen@huawei.com>
Cc: Eric Van Hensbergen <ericvh@gmail.com>
Cc: Ron Minnich <rminnich@sandia.gov>
Cc: Latchesar Ionkov <lucho@ionkov.net>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Cc: stable@vger.kernel.org
Signed-off-by: default avatarDominique Martinet <dominique.martinet@cea.fr>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent b69ef7c9
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment