
Commit 7913690d authored by Tomas Bortoli, committed by Dominique Martinet

net/9p/client.c: version pointer uninitialized

The p9_client_version() does not initialize the version pointer. If the
call to p9pdu_readf() returns an error and version has not been allocated
in p9pdu_readf(), then the program will jump to the "error" label and will
try to free the version pointer. If version is not initialized, free()
will be called with uninitialized, garbage data and will provoke a crash.

Link: http://lkml.kernel.org/r/20180709222943.19503-1-tomasbortoli@gmail.com


Signed-off-by: Tomas Bortoli <tomasbortoli@gmail.com>
Reported-by: <syzbot+65c6b72f284a39d416b4@syzkaller.appspotmail.com>
Reviewed-by: Jun Piao <piaojun@huawei.com>
Reviewed-by: Yiwen Jiang <jiangyiwen@huawei.com>
Cc: Eric Van Hensbergen <ericvh@gmail.com>
Cc: Ron Minnich <rminnich@sandia.gov>
Cc: Latchesar Ionkov <lucho@ionkov.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Cc: stable@vger.kernel.org
Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
parent 6baaac09
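
The error-path pattern the commit message describes, as an added userspace example that is not the kernel's code or part of this commit. `read_version()`, `negotiate_version()` and the `DEMO_UNFIXED` switch are hypothetical names, the version check is simplified, and the input bytes are constructed.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical parser: reads a 9P-style string (2-byte little-endian
 * length, then bytes). On an early error *out is never written. */
static int read_version(const unsigned char *buf, size_t len, char **out)
{
    size_t n;

    if (len < 2)
        return -EFAULT;          /* fails before any allocation */
    n = (size_t)buf[0] | ((size_t)buf[1] << 8);
    if (n > len - 2)
        return -EFAULT;          /* also before allocation */
    *out = malloc(n + 1);
    if (!*out)
        return -ENOMEM;
    memcpy(*out, buf + 2, n);
    (*out)[n] = '\0';
    return 0;
}

/* Hypothetical caller with a single "error" cleanup label. */
int negotiate_version(const unsigned char *buf, size_t len)
{
#ifdef DEMO_UNFIXED
    char *version;               /* pre-fix: indeterminate value reaches free() */
#else
    char *version = NULL;        /* fixed: free(NULL) is a defined no-op */
#endif
    int err = read_version(buf, len, &version);

    if (err)
        goto error;
    if (strncmp(version, "9P2000", 6) != 0)
        err = -EINVAL;           /* simplified version check */
error:
    free(version);
    return err;
}

int main(void)
{
    const unsigned char truncated[] = { 6 };  /* constructed: length field cut short */

    return negotiate_version(truncated, sizeof truncated) == -EFAULT ? 0 : 1;
}
```

Building the `DEMO_UNFIXED` variant under a memory-error detector such as AddressSanitizer or Valgrind is a way to observe the invalid free on the truncated input.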