[PATCH] smbfs: double free memory corruption - openslx/kernel-qcow2-linux.git

diff options

author	Vasily Averin	2007-03-16 22:38:24 +0100
committer	Linus Torvalds	2007-03-17 03:25:05 +0100
commit	1174cf730179d8f029b9e93cb9a4d5bfb08d1202 (patch)
tree	0d02da2b8a543ff014f44e87c78fd9e837861113 /include/linux
parent	[PATCH] bool fbdevs must depend on FB = y (diff)
download	kernel-qcow2-linux-1174cf730179d8f029b9e93cb9a4d5bfb08d1202.tar.gz kernel-qcow2-linux-1174cf730179d8f029b9e93cb9a4d5bfb08d1202.tar.xz kernel-qcow2-linux-1174cf730179d8f029b9e93cb9a4d5bfb08d1202.zip

[PATCH] smbfs: double free memory corruption

smbfs allocates rq_trans2buffer to handle server's multi transaction2 response messages. As struct smb_request may be reused, rq_trans2buffer is freed before each new request. However if last servers's response is not multi but single trans2 message then new rq_trans2buffer is not allocated but last smb_rput still tries to free it again. To prevent this issue rq_trans2buffer pointer should be set to NULL after kfree. Signed-off-by: Vasily Averin <vvs@sw.ru> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Diffstat (limited to 'include/linux')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: