+2
−2
Loading
btrfs: fix uninitialized pointer free on read_alloc_one_name() error
stable inclusion from stable-v6.6.58 commit 7fc7c47b9ba0cf2d192f2117a64b24881b0b577f category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB0EN2 CVE: CVE-2024-50087 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=7fc7c47b9ba0cf2d192f2117a64b24881b0b577f -------------------------------- commit 2ab5e243c2266c841e0f6904fad1514b18eaf510 upstream. The function read_alloc_one_name() does not initialize the name field of the passed fscrypt_str struct if kmalloc fails to allocate the corresponding buffer. Thus, it is not guaranteed that fscrypt_str.name is initialized when freeing it. This is a follow-up to the linked patch that fixes the remaining instances of the bug introduced by commit e43eec81 ("btrfs: use struct qstr instead of name and namelen pairs"). Link: https://lore.kernel.org/linux-btrfs/20241009080833.1355894-1-jroi.martin@gmail.com/ Fixes: e43eec81 ("btrfs: use struct qstr instead of name and namelen pairs") CC: stable@vger.kernel.org # 6.1+ Reviewed-by:Anand Jain <anand.jain@oracle.com> Signed-off-by: