[PATCH] Drop reference added by grab_header

Zhou Chengming Thu, 05 Jan 2017 03:39:02 -0800

Fixes CVE-2016-9191.

Reported-by: CAI Qian <caiq...@redhat.com>
Tested-by: Yang Shukui <yangshu...@huawei.com>
Signed-off-by: Zhou Chengming <zhouchengmi...@huawei.com>
---
 fs/proc/proc_sysctl.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)


diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
index 5d931bf..c4c90bd 100644
--- a/fs/proc/proc_sysctl.c
+++ b/fs/proc/proc_sysctl.c
@@ -718,7 +718,7 @@ static int proc_sys_readdir(struct file *file, struct 
dir_context *ctx)
        ctl_dir = container_of(head, struct ctl_dir, header);
 
        if (!dir_emit_dots(file, ctx))
-               return 0;
+               goto out;
 
        pos = 2;
 
@@ -728,6 +728,7 @@ static int proc_sys_readdir(struct file *file, struct 
dir_context *ctx)
                        break;
                }
        }
+out:
        sysctl_head_finish(head);
        return 0;
 }
-- 
1.7.7

[PATCH] Drop reference added by grab_header

Reply via email to