From: Greg Kroah-Hartman <[email protected]>
This reverts commit c54a881d793e3eea2a1b1460c5778b22128821ea which is
commit 05fd5c2c61732152a6bddc318aae62d7e436629b upstream.
Lars writes:
This patch should not be in 4.14-stable because
088aaf17aa79300cab14dbee2569c58cfafd7d6e was for 4.18+.
Now we have a double-free crash in SMB2_read because there are 2
calls to cifs_small_buf_release in the error path.
It was a mistake to backport it this far, so let's revert it.
Reported-by: Lars Persson <[email protected]>
Cc: Ronnie Sahlberg <[email protected]>
Cc: Pavel Shilovsky <[email protected]>
Cc: Steve French <[email protected]>
Cc: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
fs/cifs/smb2pdu.c | 1 -
1 file changed, 1 deletion(-)
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -2699,7 +2699,6 @@ SMB2_read(const unsigned int xid, struct
cifs_dbg(VFS, "Send error in read = %d\n", rc);
}
free_rsp_buf(resp_buftype, rsp_iov.iov_base);
- cifs_small_buf_release(req);
return rc == -ENODATA ? 0 : rc;
}
