Hello!

On 27.11.2018 10:02, Pan Bian wrote:
The function ceph_monc_handle_map calls kfree(old) to free the old monitor map, old points to monc->monmap. However, after that, it reads monc->monmap->epoch and passes it to __ceph_monc_got_map. This results in a use-after-free bug. The patch moves the free operation after the call to __ceph_monc_got_map.

Fixes: 82dcabad750("libceph: revamp subs code, switch to SUBSCRIBE2
Space needed before (.
protocol")
Never break up the commit summary in this tag.
Signed-off-by: Pan Bian <bianpan2016@xxxxxxx>
[...]

MBR, Sergei