Re: [PATCH] libceph: fix use after free

From: Sergei Shtylyov
Date: Tue Nov 27 2018 - 03:48:09 EST

Next message: Adrian Hunter: "[PATCH] perf auxtrace: Alter addr_filter__entire_dso() to work if there are no symbols"
Previous message: Bharat Bhushan: "[PATCH] PCI: Mark NXP LS1088 to avoid bus reset bus"
In reply to: Pan Bian: "[PATCH] libceph: fix use after free"
Next in thread: PanBian: "Re: [PATCH] libceph: fix use after free"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello!

On 27.11.2018 10:02, Pan Bian wrote:

The function ceph_monc_handle_map calls kfree(old) to free the old
monitor map, old points to monc->monmap. However, after that, it reads
monc->monmap->epoch and passes it to __ceph_monc_got_map. This result in
a use-after-free bug. The patch moves the free operation after the call
to __ceph_monc_got_map.

Fixes: 82dcabad750("libceph: revamp subs code, switch to SUBSCRIBE2

Space needed before (.

protocol")

Never break up the commit summary in this tag.

Signed-off-by: Pan Bian <bianpan2016@xxxxxxx>

[...]

MBR, Sergei

Next message: Adrian Hunter: "[PATCH] perf auxtrace: Alter addr_filter__entire_dso() to work if there are no symbols"
Previous message: Bharat Bhushan: "[PATCH] PCI: Mark NXP LS1088 to avoid bus reset bus"
In reply to: Pan Bian: "[PATCH] libceph: fix use after free"
Next in thread: PanBian: "Re: [PATCH] libceph: fix use after free"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]