git: 138c9932888f - stable/12 - netsmb: Avoid a read-after-free in smb_t2_request_int()
Mark Johnston
markj at FreeBSD.org
Wed Jun 2 13:37:18 UTC 2021
The branch stable/12 has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=138c9932888f5d0f331a675ec1fa925fcb707976
commit 138c9932888f5d0f331a675ec1fa925fcb707976
Author: Mark Johnston <markj at FreeBSD.org>
AuthorDate: 2021-05-26 13:57:38 +0000
Commit: Mark Johnston <markj at FreeBSD.org>
CommitDate: 2021-06-02 13:37:06 +0000
netsmb: Avoid a read-after-free in smb_t2_request_int()
Defer freeing the request structure until we've decided whether the
request should be retried.
PR: 255881
MFC after: 1 week
(cherry picked from commit 771e95d2e2ee1b60539f1273c62837b48249590a)
---
sys/netsmb/smb_rq.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sys/netsmb/smb_rq.c b/sys/netsmb/smb_rq.c
index 544bfd1194f0..5a2ec0e7214a 100644
--- a/sys/netsmb/smb_rq.c
+++ b/sys/netsmb/smb_rq.c
@@ -738,13 +738,13 @@ smb_t2_request_int(struct smb_t2rq *t2p)
bad:
smb_iod_removerq(rqp);
freerq:
- smb_rq_done(rqp);
if (error) {
if (rqp->sr_flags & SMBR_RESTART)
t2p->t2_flags |= SMBT2_RESTART;
md_done(&t2p->t2_rparam);
md_done(&t2p->t2_rdata);
}
+ smb_rq_done(rqp);
return error;
}
More information about the dev-commits-src-all
mailing list