projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 83f31a4)
scsi: iscsi: set auth_protocol back to NULL if CHAP_A value is not supported
authorMaurizio Lombardi <mlombard@redhat.com>
Wed, 26 Jun 2019 17:27:34 +0000 (19:27 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 31 Jul 2019 05:28:18 +0000 (07:28 +0200)
[ Upstream commit 5dd6c49339126c2c8df2179041373222362d6e49 ]

If the CHAP_A value is not supported, the chap_server_open() function
should free the auth_protocol pointer and set it to NULL, or we will leave
a dangling pointer around.

[   66.010905] Unsupported CHAP_A value
[   66.011660] Security negotiation failed.
[   66.012443] iSCSI Login negotiation failed.
[   68.413924] general protection fault: 0000 [#1] SMP PTI
[   68.414962] CPU: 0 PID: 1562 Comm: targetcli Kdump: loaded Not tainted 4.18.0-80.el8.x86_64 #1
[   68.416589] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[   68.417677] RIP: 0010:__kmalloc_track_caller+0xc2/0x210

Signed-off-by: Maurizio Lombardi <mlombard@redhat.com>
Reviewed-by: Chris Leech <cleech@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
drivers/target/iscsi/iscsi_target_auth.c patch | blob | blame | history

diff --git a/drivers/target/iscsi/iscsi_target_auth.c b/drivers/target/iscsi/iscsi_target_auth.c
index 4e680d753941f71ea299d87b6c0cd18fc307b50f..e2fa3a3bc81dffff1af904a6b9c612ee37fe2d3a 100644 (file)
--- a/drivers/target/iscsi/iscsi_target_auth.c
+++ b/drivers/target/iscsi/iscsi_target_auth.c
@@ -89,6 +89,12 @@ out:
        return CHAP_DIGEST_UNKNOWN;
 }
 
+static void chap_close(struct iscsi_conn *conn)
+{
+       kfree(conn->auth_protocol);
+       conn->auth_protocol = NULL;
+}
+
 static struct iscsi_chap *chap_server_open(
        struct iscsi_conn *conn,
        struct iscsi_node_auth *auth,
@@ -126,7 +132,7 @@ static struct iscsi_chap *chap_server_open(
        case CHAP_DIGEST_UNKNOWN:
        default:
                pr_err("Unsupported CHAP_A value\n");
-               kfree(conn->auth_protocol);
+               chap_close(conn);
                return NULL;
        }
 
@@ -141,19 +147,13 @@ static struct iscsi_chap *chap_server_open(
         * Generate Challenge.
         */
        if (chap_gen_challenge(conn, 1, aic_str, aic_len) < 0) {
-               kfree(conn->auth_protocol);
+               chap_close(conn);
                return NULL;
        }
 
        return chap;
 }
 
-static void chap_close(struct iscsi_conn *conn)
-{
-       kfree(conn->auth_protocol);
-       conn->auth_protocol = NULL;
-}
-
 static int chap_server_compute_md5(
        struct iscsi_conn *conn,
        struct iscsi_node_auth *auth,