Fix CVE-2018-7757 (rhbz 1553361 1553363)
This commit is contained in:
parent
1045178022
commit
e9c6acc15d
|
@ -0,0 +1,40 @@
|
|||
From 4a491b1ab11ca0556d2fda1ff1301e862a2d44c4 Mon Sep 17 00:00:00 2001
|
||||
From: Jason Yan <yanaijie@huawei.com>
|
||||
Date: Thu, 4 Jan 2018 21:04:31 +0800
|
||||
Subject: [PATCH] scsi: libsas: fix memory leak in sas_smp_get_phy_events()
|
||||
|
||||
We've got a memory leak with the following producer:
|
||||
|
||||
while true;
|
||||
do cat /sys/class/sas_phy/phy-1:0:12/invalid_dword_count >/dev/null;
|
||||
done
|
||||
|
||||
The buffer req is allocated and not freed after we return. Fix it.
|
||||
|
||||
Fixes: 2908d778ab3e ("[SCSI] aic94xx: new driver")
|
||||
Signed-off-by: Jason Yan <yanaijie@huawei.com>
|
||||
CC: John Garry <john.garry@huawei.com>
|
||||
CC: chenqilin <chenqilin2@huawei.com>
|
||||
CC: chenxiang <chenxiang66@hisilicon.com>
|
||||
Reviewed-by: Christoph Hellwig <hch@lst.de>
|
||||
Reviewed-by: Hannes Reinecke <hare@suse.com>
|
||||
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
||||
---
|
||||
drivers/scsi/libsas/sas_expander.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/drivers/scsi/libsas/sas_expander.c b/drivers/scsi/libsas/sas_expander.c
|
||||
index ca1566237ae7..1de59c0fdbc0 100644
|
||||
--- a/drivers/scsi/libsas/sas_expander.c
|
||||
+++ b/drivers/scsi/libsas/sas_expander.c
|
||||
@@ -695,6 +695,7 @@ int sas_smp_get_phy_events(struct sas_phy *phy)
|
||||
phy->phy_reset_problem_count = scsi_to_u32(&resp[24]);
|
||||
|
||||
out:
|
||||
+ kfree(req);
|
||||
kfree(resp);
|
||||
return res;
|
||||
|
||||
--
|
||||
2.14.3
|
||||
|
|
@ -642,6 +642,9 @@ Patch656: 0001-sctp-verify-size-of-a-new-chunk-in-_sctp_make_chunk.patch
|
|||
# rhbz 1549316
|
||||
Patch657: ipmi-fixes.patch
|
||||
|
||||
# CVE-2018-7757 rhbz 1553361 1553363
|
||||
Patch658: 0001-scsi-libsas-fix-memory-leak-in-sas_smp_get_phy_event.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
%endif
|
||||
|
@ -1940,6 +1943,9 @@ fi
|
|||
#
|
||||
#
|
||||
%changelog
|
||||
* Thu Mar 08 2018 Justin M. Forbes <jforbes@fedoraproject.org>
|
||||
- Fix CVE-2018-7757 (rhbz 1553361 1553363)
|
||||
|
||||
* Tue Mar 06 2018 Laura Abbott <labbott@redhat.com>
|
||||
- Fixes for IPMI crash (rbhz 1549316)
|
||||
|
||||
|
|
Loading…
Reference in New Issue