Patchwork [096/270] libceph: fix NULL dereference in reset_connection()

login
register
mail settings
Submitter Herton Ronaldo Krzesinski
Date Nov. 26, 2012, 4:56 p.m.
Message ID <1353949160-26803-97-git-send-email-herton.krzesinski@canonical.com>
Download mbox | patch
Permalink /patch/201829/
State New
Headers show

Comments

Herton Ronaldo Krzesinski - Nov. 26, 2012, 4:56 p.m.
3.5.7u1 -stable review patch.  If anyone has any objections, please let me know.

------------------

From: Dan Carpenter <dan.carpenter@oracle.com>

commit 26ce171915f348abd1f41da1ed139d93750d987f upstream.

We dereference "con->in_msg" on the line after it was set to NULL.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Alex Elder <elder@inktank.com>
Signed-off-by: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>
---
 net/ceph/messenger.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch

diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
index c52d587..0a6fdf8 100644
--- a/net/ceph/messenger.c
+++ b/net/ceph/messenger.c
@@ -440,7 +440,7 @@  static void reset_connection(struct ceph_connection *con)
 		con->in_msg->con = NULL;
 		ceph_msg_put(con->in_msg);
 		con->in_msg = NULL;
-		ceph_con_put(con->in_msg->con);
+		ceph_con_put(con);
 	}
 
 	con->connect_seq = 0;