drivers: tty: Fix use-after-free in pty_common_install

In 2c964a2f "drivers: tty: Merge alloc_tty_struct and
initialize_tty_struct", I messed up the refactorization of
pty_common_install, causing use-after-free and NULL pointer derefs on
various error paths. This should fix it.

Reported-by: Julia Lawall <julia.lawall@lip6.fr>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
index ac723e3c031a7ef7eb3f95a8616c6fc4b1afa4c3..9bbdb1de12e2a8b638d29fa24fcc9f0f77250b42 100644 (file)
--- a/drivers/tty/pty.c
+++ b/drivers/tty/pty.c
@@ -388,7 +388,7 @@ err_deinit_tty:
        deinitialize_tty_struct(o_tty);
        free_tty_struct(o_tty);
 err_put_module:
-       module_put(o_tty->driver->owner);
+       module_put(driver->other->owner);
 err:
        kfree(ports[0]);
        kfree(ports[1]);