projects / linux-block.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e5f5b71) | patch
ext2: fix potential use after free
authorPan Bian <bianpan2016@163.com>
Sun, 25 Nov 2018 00:58:02 +0000 (08:58 +0800)
committerJan Kara <jack@suse.cz>
Tue, 27 Nov 2018 09:21:15 +0000 (10:21 +0100)
commitecebf55d27a11538ea84aee0be643dd953f830d5
tree5f017acb4a15f183e2c0bbb28ffe4487824c6493tree | snapshot
parente5f5b717983bccfa033282e9886811635602510ecommit | diff
ext2: fix potential use after free

The function ext2_xattr_set calls brelse(bh) to drop the reference count
of bh. After that, bh may be freed. However, following brelse(bh),
it reads bh->b_data via macro HDR(bh). This may result in a
use-after-free bug. This patch moves brelse(bh) after reading field.

CC: stable@vger.kernel.org
Signed-off-by: Pan Bian <bianpan2016@163.com>
Signed-off-by: Jan Kara <jack@suse.cz>
fs/ext2/xattr.c diff | blob | blame | history
Linux 6.x block layer and io_uring tree(s)