Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1b96f895 authored by Sven Schnelle's avatar Sven Schnelle Committed by James Bottomley
Browse files

[SCSI] gdth: Allocate sense_buffer to prevent NULL pointer dereference 



Fix NULL pointer dereference during execution of Internal commands,
where gdth only allocates scp, but not scp->sense_buffer. The rest of
the code assumes that sense_buffer is allocated, which leads to a kernel
oops e.g. on reboot (during cache flush).

Signed-off-by: default avatarSven Schnelle <svens@stackframe.org>
Signed-off-by: default avatarJames Bottomley <James.Bottomley@HansenPartnership.com>
parent 4d3995b1

drivers/scsi/gdth.c

+7 −0
Original line number Diff line number Diff line
@@ -493,6 +493,12 @@ int __gdth_execute(struct scsi_device *sdev, gdth_cmd_str *gdtcmd, char *cmnd, 
    if (!scp)

        return -ENOMEM;



    scp->sense_buffer = kzalloc(SCSI_SENSE_BUFFERSIZE, GFP_KERNEL);

    if (!scp->sense_buffer) {

	kfree(scp);

	return -ENOMEM;

    }



    scp->device = sdev;

    memset(&cmndinfo, 0, sizeof(cmndinfo));
@@ -513,6 +519,7 @@ int __gdth_execute(struct scsi_device *sdev, gdth_cmd_str *gdtcmd, char *cmnd, 
    rval = cmndinfo.status;

    if (info)

        *info = cmndinfo.info;

    kfree(scp->sense_buffer);

    kfree(scp);

    return rval;

}