Patch "ubifs: fix possible dereference after free" has been added to the 6.6-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    ubifs: fix possible dereference after free

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     ubifs-fix-possible-dereference-after-free.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 4f6f3f612358eb750efbfcb1bf4df2c550826fac
Author: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
Date:   Tue Sep 5 18:12:22 2023 +0800

    ubifs: fix possible dereference after free
    
    [ Upstream commit d81efd66106c03771ffc8637855a6ec24caa6350 ]
    
    'old_idx' could be dereferenced after free via 'rb_link_node' function
    call.
    
    Fixes: b5fda08ef213 ("ubifs: Fix memleak when insert_old_idx() failed")
    Co-developed-by: Ivanov Mikhail <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
    Signed-off-by: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
    Reviewed-by: Zhihao Cheng <chengzhihao1@xxxxxxxxxx>
    Signed-off-by: Richard Weinberger <richard@xxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/fs/ubifs/tnc.c b/fs/ubifs/tnc.c
index 6b7d95b65f4b6..f4728e65d1bda 100644
--- a/fs/ubifs/tnc.c
+++ b/fs/ubifs/tnc.c
@@ -65,6 +65,7 @@ static void do_insert_old_idx(struct ubifs_info *c,
 		else {
 			ubifs_err(c, "old idx added twice!");
 			kfree(old_idx);
+			return;
 		}
 	}
 	rb_link_node(&old_idx->rb, parent, p);




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux