/[linux-patches]/genpatches-2.6/trunk/2.6.14/1042_4_dpt-i20-null-deref.patch
Gentoo

Contents of /genpatches-2.6/trunk/2.6.14/1042_4_dpt-i20-null-deref.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 232 - (show annotations) (download) (as text)
Thu Dec 15 16:22:43 2005 UTC (14 years, 11 months ago) by dsd
File MIME type: text/x-diff
File size: 1554 byte(s)
Linux 2.6.14.4
1 From stable-bounces@linux.kernel.org Mon Nov 28 03:43:56 2005
2 Date: Mon, 28 Nov 2005 12:43:41 +0100
3 From: Adrian Bunk <bunk@stusta.de>
4 To: stable@kernel.org
5 Cc:
6 Subject: drivers/scsi/dpt_i2o.c: fix a user-after-free
7
8 The Coverity checker spotted this obvious use-after-free
9
10 Signed-off-by: Adrian Bunk <bunk@stusta.de>
11 Acked-by: Mark Salyzyn <mark_salyzyn@adaptec.com>
12 Signed-off-by: Chris Wright <chrisw@osdl.org>
13 Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 ---
15 drivers/scsi/dpt_i2o.c | 9 +++++----
16 1 file changed, 5 insertions(+), 4 deletions(-)
17
18 --- linux-2.6.14.3.orig/drivers/scsi/dpt_i2o.c
19 +++ linux-2.6.14.3/drivers/scsi/dpt_i2o.c
20 @@ -816,7 +816,7 @@ static int adpt_hba_reset(adpt_hba* pHba
21 static void adpt_i2o_sys_shutdown(void)
22 {
23 adpt_hba *pHba, *pNext;
24 - struct adpt_i2o_post_wait_data *p1, *p2;
25 + struct adpt_i2o_post_wait_data *p1, *old;
26
27 printk(KERN_INFO"Shutting down Adaptec I2O controllers.\n");
28 printk(KERN_INFO" This could take a few minutes if there are many devices attached\n");
29 @@ -830,13 +830,14 @@ static void adpt_i2o_sys_shutdown(void)
30 }
31
32 /* Remove any timedout entries from the wait queue. */
33 - p2 = NULL;
34 // spin_lock_irqsave(&adpt_post_wait_lock, flags);
35 /* Nothing should be outstanding at this point so just
36 * free them
37 */
38 - for(p1 = adpt_post_wait_queue; p1; p2 = p1, p1 = p2->next) {
39 - kfree(p1);
40 + for(p1 = adpt_post_wait_queue; p1;) {
41 + old = p1;
42 + p1 = p1->next;
43 + kfree(old);
44 }
45 // spin_unlock_irqrestore(&adpt_post_wait_lock, flags);
46 adpt_post_wait_queue = NULL;

  ViewVC Help
Powered by ViewVC 1.1.20