From mboxrd@z Thu Jan 1 00:00:00 1970 From: Dominique Martinet Subject: [PATCH 2/2] 9p: clear dangling pointers in p9stat_free Date: Tue, 28 Aug 2018 00:48:28 +0200 Message-ID: <1535410108-20650-2-git-send-email-asmadeus@codewreck.org> References: <000000000000af648b057456e234@google.com> <1535410108-20650-1-git-send-email-asmadeus@codewreck.org> Cc: Dominique Martinet , linux-kernel@vger.kernel.org, netdev@vger.kernel.org, syzkaller-bugs@googlegroups.com, Eric Van Hensbergen , Latchesar Ionkov To: v9fs-developer@lists.sourceforge.net Return-path: In-Reply-To: <1535410108-20650-1-git-send-email-asmadeus@codewreck.org> Sender: linux-kernel-owner@vger.kernel.org List-Id: netdev.vger.kernel.org From: Dominique Martinet p9stat_free is more of a cleanup function than a 'free' function as it only frees the content of the struct; there are chances of use-after-free if it is improperly used (e.g. p9stat_free called twice as it used to be possible to) Clearing dangling pointers makes the function idempotent and safer to use. Signed-off-by: Dominique Martinet Reported-by: syzbot+d4252148d198410b864f@syzkaller.appspotmail.com Cc: Eric Van Hensbergen Cc: Latchesar Ionkov --- net/9p/protocol.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/9p/protocol.c b/net/9p/protocol.c index 4a1e1dd30b52..ee32bbf12675 100644 --- a/net/9p/protocol.c +++ b/net/9p/protocol.c @@ -46,10 +46,15 @@ p9pdu_writef(struct p9_fcall *pdu, int proto_version, const char *fmt, ...); void p9stat_free(struct p9_wstat *stbuf) { kfree(stbuf->name); + stbuf->name = NULL; kfree(stbuf->uid); + stbuf->uid = NULL; kfree(stbuf->gid); + stbuf->gid = NULL; kfree(stbuf->muid); + stbuf->muid = NULL; kfree(stbuf->extension); + stbuf->extension = NULL; } EXPORT_SYMBOL(p9stat_free); -- 2.17.1