diff options
| author | Jeff Layton <jlayton@redhat.com> | 2009-12-03 08:09:41 -0500 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@suse.de> | 2010-01-06 15:03:53 -0800 |
| commit | cd7bc18e0908a287e64cf4593a480b613b07fdce (patch) | |
| tree | 8a84af182e2cd053fcef6e05dfbdc39b57957000 /fs/devpts | |
| parent | 6cb5fcc95450e4a8e7423128dec3d43caac8f42b (diff) | |
cifs: NULL out tcon, pSesInfo, and srvTcp pointers when chasing DFS referrals
commit a2934c7b363ddcc001964f2444649f909e583bef upstream.
The scenario is this:
The kernel gets EREMOTE and starts chasing a DFS referral at mount time.
The tcon reference is put, which puts the session reference too, but
neither pointer is zeroed out.
The mount gets retried (goto try_mount_again) with new mount info.
Session setup fails fails and rc ends up being non-zero. The code then
falls through to the end and tries to put the previously freed tcon
pointer again. Oops at: cifs_put_smb_ses+0x14/0xd0
Fix this by moving the initialization of the rc variable and the tcon,
pSesInfo and srvTcp pointers below the try_mount_again label. Also, add
a FreeXid() before the goto to prevent xid "leaks".
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reported-by: Gustavo Carvalho Homem <gustavo@angulosolido.pt>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'fs/devpts')
0 files changed, 0 insertions, 0 deletions