!15500 Fix 4 CVEs in JFFS2 (259b1112) · Commits · EulixOS / Software / Kernel

fs/jffs2/build.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -415,13 +415,15 @@ int jffs2_do_mount_fs(struct jffs2_sb_info *c)
		jffs2_free_ino_caches(c);
		jffs2_free_raw_node_refs(c);
		ret = -EIO;
		goto out_free;
		goto out_sum_exit;
		}

		jffs2_calc_trigger_levels(c);

		return 0;

		out_sum_exit:
		jffs2_sum_exit(c);
		out_free:
		kvfree(c->blocks);

+2 −1

Original line number	Diff line number	Diff line
		@@ -597,8 +597,9 @@ int jffs2_do_fill_super(struct super_block sb, void data, int silent)
		jffs2_free_ino_caches(c);
		jffs2_free_raw_node_refs(c);
		kvfree(c->blocks);
		out_inohash:
		jffs2_clear_xattr_subsystem(c);
		jffs2_sum_exit(c);
		out_inohash:
		kfree(c->inocache_list);
		out_wbuf:
		jffs2_flash_cleanup(c);

+4 −2

Original line number	Diff line number	Diff line
		@@ -136,7 +136,7 @@ int jffs2_scan_medium(struct jffs2_sb_info *c)
		if (!s) {
		JFFS2_WARNING("Can't allocate memory for summary\n");
		ret = -ENOMEM;
		goto out;
		goto out_buf;
		}
		}

		@@ -274,13 +274,15 @@ int jffs2_scan_medium(struct jffs2_sb_info *c)
		}
		ret = 0;
		out:
		jffs2_sum_reset_collected(s);
		kfree(s);
		out_buf:
		if (buf_size)
		kfree(flashbuf);
		#ifndef __ECOS
		else
		mtd_unpoint(c->mtd, 0, c->mtd->size);
		#endif
		kfree(s);
		return ret;
		}