On Tue, Oct 26, 2010 at 12:28:48PM +0200, Miklos Szeredi wrote:
> Oops, broken patch. Here's the correct one.
>
> ----
> Subject: vfs: fix possible use after free in finish_open()
>
> From: Miklos Szeredi <mszeredi@xxxxxxx>
>
> In finish_open() nd->path is used after nameidata_to_filp() already
> released it. Fix by acquiring a ref to nd->path and releasing after
> the last use.

Nice catch, but I'd do it differently; that is, do not drop reference
in nameidata_to_filp() (and dup it if we do __dentry_open()) and drop it
in callers instead. Will push in a few.