Date: Wed, 2 Jun 2021 13:37:17 GMT From: Mark Johnston <markj@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 138c9932888f - stable/12 - netsmb: Avoid a read-after-free in smb_t2_request_int() Message-ID: <202106021337.152DbHZj012395@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/12 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=138c9932888f5d0f331a675ec1fa925fcb707976 commit 138c9932888f5d0f331a675ec1fa925fcb707976 Author: Mark Johnston <markj@FreeBSD.org> AuthorDate: 2021-05-26 13:57:38 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2021-06-02 13:37:06 +0000 netsmb: Avoid a read-after-free in smb_t2_request_int() Defer freeing the request structure until we've decided whether the request should be retried. PR: 255881 MFC after: 1 week (cherry picked from commit 771e95d2e2ee1b60539f1273c62837b48249590a) --- sys/netsmb/smb_rq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/netsmb/smb_rq.c b/sys/netsmb/smb_rq.c index 544bfd1194f0..5a2ec0e7214a 100644 --- a/sys/netsmb/smb_rq.c +++ b/sys/netsmb/smb_rq.c @@ -738,13 +738,13 @@ smb_t2_request_int(struct smb_t2rq *t2p) bad: smb_iod_removerq(rqp); freerq: - smb_rq_done(rqp); if (error) { if (rqp->sr_flags & SMBR_RESTART) t2p->t2_flags |= SMBT2_RESTART; md_done(&t2p->t2_rparam); md_done(&t2p->t2_rdata); } + smb_rq_done(rqp); return error; }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202106021337.152DbHZj012395>