Commit c6a80e1

Colin Ian King authored and smfrench committed
cifs: fix double free error on share and prefix
Currently if the call dfs_cache_get_tgt_share fails we cannot fully guarantee that share and prefix are set to NULL and the next iteration of the loop can end up potentially double freeing these pointers. Since the semantics of dfs_cache_get_tgt_share are ambiguous for failure cases with the setting of share and prefix (currently now and possibly the future), it seems prudent to set the pointers to NULL when the objects are free'd to avoid any double frees.

Addresses-Coverity: ("Double free")
Fixes: 96296c9 ("cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect")
Signed-off-by: Colin Ian King <[email protected]>
Signed-off-by: Steve French <[email protected]>
Reviewed-by: Paulo Alcantara (SUSE) <[email protected]>

1 parent 7548e1d commit c6a80e1

1 file changed: +2 -0 lines changed

fs/cifs/connect.c

Lines changed: 2 additions & 0 deletions
@@ -5574,6 +5574,8 @@ int cifs_tree_connect(const unsigned int xid, struct cifs_tcon *tcon, const stru
55745574

55755575
kfree(share);
55765576
kfree(prefix);
5577+
share = NULL;
5578+
prefix = NULL;
55775579

55785580
rc = dfs_cache_get_tgt_share(tcon->dfs_path + 1, it, &share, &prefix);
55795581
if (rc) {
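
Review bot: The NULL resets at new lines 5577-5578 protect only this caller, while the commit message itself says the failure semantics of dfs_cache_get_tgt_share for share and prefix are ambiguous. Consider also having dfs_cache_get_tgt_share set *share and *prefix to NULL on every error path and documenting that contract, so any other caller that frees the out-parameters after a failed call is covered too. A one-line comment above `share = NULL;` stating that the callee may leave the pointers untouched on failure would keep a later cleanup from removing the assignments as redundant, since they are overwritten by the call on the very next line in the success case.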
