linux-stable.git - Linux kernel stable tree

diff options

author	Mike Christie <michael.christie@oracle.com>	2023-01-17 13:39:37 -0600
committer	Martin K. Petersen <martin.petersen@oracle.com>	2023-01-18 19:14:56 -0500
commit	f484a794e4ee2a9ce61f52a78e810ac45f3fe3b3 (patch)
tree	c110ea8faf7e5b614aa67e2133a373887fd8298a /COPYING
parent	6f1d64b13097e85abda0f91b5638000afc5f9a06 (diff)
download	linux-stable-f484a794e4ee2a9ce61f52a78e810ac45f3fe3b3.tar.gz linux-stable-f484a794e4ee2a9ce61f52a78e810ac45f3fe3b3.tar.bz2 linux-stable-f484a794e4ee2a9ce61f52a78e810ac45f3fe3b3.zip

scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress

If during iscsi_sw_tcp_session_create() iscsi_tcp_r2tpool_alloc() fails, userspace could be accessing the host's ipaddress attr. If we then free the session via iscsi_session_teardown() while userspace is still accessing the session we will hit a use after free bug. Set the tcp_sw_host->session after we have completed session creation and can no longer fail. Link: https://lore.kernel.org/r/20230117193937.21244-3-michael.christie@oracle.com Signed-off-by: Mike Christie <michael.christie@oracle.com> Reviewed-by: Lee Duncan <lduncan@suse.com> Acked-by: Ding Hui <dinghui@sangfor.com.cn> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

Diffstat (limited to 'COPYING')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: