diff options
| author | Jeff Layton <jlayton@redhat.com> | 2009-12-03 14:09:41 +0100 |
|---|---|---|
| committer | Steve French <sfrench@us.ibm.com> | 2009-12-03 17:12:41 +0100 |
| commit | a2934c7b363ddcc001964f2444649f909e583bef (patch) | |
| tree | c58eb5fd32591e1e54a37ed7b42f3fc4bb910d0e /fs/cifs/CHANGES | |
| parent | Merge branch 'security' of git://git.kernel.org/pub/scm/linux/kernel/git/linv... (diff) | |
| download | linux-a2934c7b363ddcc001964f2444649f909e583bef.tar.xz linux-a2934c7b363ddcc001964f2444649f909e583bef.zip | |
cifs: NULL out tcon, pSesInfo, and srvTcp pointers when chasing DFS referrals
The scenario is this:
The kernel gets EREMOTE and starts chasing a DFS referral at mount time.
The tcon reference is put, which puts the session reference too, but
neither pointer is zeroed out.
The mount gets retried (goto try_mount_again) with new mount info.
Session setup fails fails and rc ends up being non-zero. The code then
falls through to the end and tries to put the previously freed tcon
pointer again. Oops at: cifs_put_smb_ses+0x14/0xd0
Fix this by moving the initialization of the rc variable and the tcon,
pSesInfo and srvTcp pointers below the try_mount_again label. Also, add
a FreeXid() before the goto to prevent xid "leaks".
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reported-by: Gustavo Carvalho Homem <gustavo@angulosolido.pt>
CC: stable <stable@kernel.org>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs/cifs/CHANGES')
0 files changed, 0 insertions, 0 deletions