| From 83c75ee63f83d734f831c9c3dfa82d606d5df859 Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Mon, 24 Aug 2020 11:58:12 +0300 |
| Subject: afs: Fix a use after free in afs_xattr_get_acl() |
| |
| From: Dan Carpenter <dan.carpenter@oracle.com> |
| |
| [ Upstream commit 248c944e2159de4868bef558feea40214aaf8464 ] |
| |
| The "op" pointer is freed earlier when we call afs_put_operation(). |
| |
| Fixes: e49c7b2f6de7 ("afs: Build an abstraction around an "operation" concept") |
| Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> |
| Signed-off-by: David Howells <dhowells@redhat.com> |
| cc: Colin Ian King <colin.king@canonical.com> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| fs/afs/xattr.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| diff --git a/fs/afs/xattr.c b/fs/afs/xattr.c |
| index 84f3c4f575318..38884d6c57cdc 100644 |
| --- a/fs/afs/xattr.c |
| +++ b/fs/afs/xattr.c |
| @@ -85,7 +85,7 @@ static int afs_xattr_get_acl(const struct xattr_handler *handler, |
| if (acl->size <= size) |
| memcpy(buffer, acl->data, acl->size); |
| else |
| - op->error = -ERANGE; |
| + ret = -ERANGE; |
| } |
| } |
| |
| -- |
| 2.27.0 |
| |
