Re: [CHECKER] free bugs in 2.4.4 and 2.4.4-ac8

From: Alexander Viro (viro@math.psu.edu)
Date: Thu May 24 2001 - 16:17:39 EST


On Thu, 24 May 2001, Dawson Engler wrote:

> [BUG] [BAD] Returns a freed pointer -- very very bad.

... and easy to fix.

> /u2/engler/mc/oses/linux/2.4.4/fs/proc/generic.c:438:proc_symlink: ERROR:FREE:430:438: WARN: Use-after-free of "ent"! set by 'kfree':430
> ent->namelen = len;
> ent->nlink = 1;
> ent->mode = S_IFLNK|S_IRUGO|S_IWUGO|S_IXUGO;
> ent->data = kmalloc((ent->size=strlen(dest))+1, GFP_KERNEL);
> if (!ent->data) {
> Start --->
> kfree(ent);
> goto out;
> }
> strcpy((char*)ent->data,dest);
>
> proc_register(parent, ent);
>
> out:
> Error --->
> return ent;

--- linux/fs/proc/generic.c.old Fri Feb 16 21:01:43 2001
+++ linux/fs/proc/generic.c Thu May 24 17:13:22 2001
@@ -428,6 +428,7 @@
         ent->data = kmalloc((ent->size=strlen(dest))+1, GFP_KERNEL);
         if (!ent->data) {
                 kfree(ent);
+ ent = NULL;
                 goto out;
         }
         strcpy((char*)ent->data,dest);
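
Review bot: In the `if (!ent->data)` failure branch, clearing `ent` by hand after `kfree(ent)` is correct, but the error still funnels through `out:`, which per the quoted listing only does `return ent;`, so the same defect returns if another failure path is later added that frees without clearing. A one-line comment at `out:` stating that `ent` is either a fully set up entry or NULL at that point would document the invariant the fix relies on. Separately, the assignment buried in the allocation argument, `kmalloc((ent->size=strlen(dest))+1, GFP_KERNEL)`, is easy to misread; setting `ent->size` on its own line before the call would make the size computation and the failure branch easier to audit.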

Linus, apply it, please.
