blob: f7ccb41f49af73f131624879da0b83cb3993a934 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
From 6e5a79de658cb1c8012c86e0837379aa6eabd024 Mon Sep 17 00:00:00 2001
From: Paul Emge <paulemge@forallsecure.com>
Date: Mon, 8 Jul 2019 16:37:04 -0700
Subject: [PATCH] CVE-2019-13105: ext4: fix double-free in ext4_cache_read
ext_cache_read doesn't null cache->buf, after freeing, which results
in a later function double-freeing it. This patch fixes
ext_cache_read to call ext_cache_fini instead of free.
Signed-off-by: Paul Emge <paulemge@forallsecure.com>
---
fs/ext4/ext4fs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c
index 26db677a1f17..85dc122f3003 100644
--- a/fs/ext4/ext4fs.c
+++ b/fs/ext4/ext4fs.c
@@ -286,7 +286,7 @@ int ext_cache_read(struct ext_block_cache *cache, lbaint_t block, int size)
if (!cache->buf)
return 0;
if (!ext4fs_devread(block, 0, size, cache->buf)) {
- free(cache->buf);
+ ext_cache_fini(cache);
return 0;
}
cache->block = block;
--
2.17.1
|
