git.osdn.net Git - sagit-ice-cold/kernel_xiaomi

author	Tomas Bortoli <tomasbortoli@gmail.com>
	Mon, 9 Jul 2018 22:29:43 +0000 (00:29 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sun, 9 Sep 2018 18:04:33 +0000 (20:04 +0200)
commit	34cc7cf15e16a34447581a5956bf1a434fcb190f
tree	f796503bc2a0044951418c08b1cb27d1dbc16c25	tree \| snapshot
parent	1d2e1e399f86ca085eb85a9f68c20cf4fbf2c79d	commit \| diff

net/9p/client.c: version pointer uninitialized

commit 7913690dcc5e18e235769fd87c34143072f5dbea upstream.

The p9_client_version() does not initialize the version pointer. If the
call to p9pdu_readf() returns an error and version has not been allocated
in p9pdu_readf(), then the program will jump to the "error" label and will
try to free the version pointer. If version is not initialized, free()
will be called with uninitialized, garbage data and will provoke a crash.

Link: http://lkml.kernel.org/r/20180709222943.19503-1-tomasbortoli@gmail.com
Signed-off-by: Tomas Bortoli <tomasbortoli@gmail.com>
Reported-by: syzbot+65c6b72f284a39d416b4@syzkaller.appspotmail.com
Reviewed-by: Jun Piao <piaojun@huawei.com>
Reviewed-by: Yiwen Jiang <jiangyiwen@huawei.com>
Cc: Eric Van Hensbergen <ericvh@gmail.com>
Cc: Ron Minnich <rminnich@sandia.gov>
Cc: Latchesar Ionkov <lucho@ionkov.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Cc: stable@vger.kernel.org
Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>