On Wed, 15 Aug 2018 10:19:14 +0000, Vincent Pelletier
<[email protected]> wrote:
> Fixes a use-after-free reported by KASAN when later
> iscsi_target_login_sess_out gets called and it tries to access
> conn->sess->se_sess:
I could still hit this issue by causing a timeout, and located the
guilty kfree:
> ret = iscsi_login_set_conn_values(sess, conn, pdu->cid);
Here, conn->sess is set.
> - if (unlikely(ret)) {
> - kfree(sess);
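Review bot: the kfree(sess) removed here is what left conn->sess (assigned by iscsi_login_set_conn_values on the line just above) pointing at freed memory for the later iscsi_target_login_sess_out call, so dropping it is the right call; the commit message should also state which path now owns and frees sess on this error so the change does not trade the use-after-free for a leak.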
This is the guilty kfree.
> + ret = -ENOMEM;
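Review bot: overwriting ret with -ENOMEM discards the error code iscsi_login_set_conn_values actually returned; unless a caller depends on seeing -ENOMEM, propagating ret is preferable, and if the hard-coded value is kept on purpose a one-line comment saying why would spare the next reader the same question.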
This is just to be strictly compliant with the hardcoded return value
which I'm replacing with "ret". I tend to think this is wrong (hiding
a possibly more relevant error code?), but I do not know the
surrounding code nearly enough to make a decision - so status quo it is.
Regards,
--
Vincent Pelletier
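The pattern described in this mail, shown as a constructed, self-contained model rather than the kernel's code or the author's patch: a helper links a freshly allocated session into the connection before it can fail, the caller frees the session on that failure, and the connection keeps a dangling pointer that a later teardown dereferences. The names (`struct sess`, `struct conn`, `set_conn_values`, `login_sess_out`, `login_buggy`, `login_fixed`) are stand-ins for the iSCSI target functions named in the thread, and the "fixed" variant (unlink before free, propagate the real error) is one defensive shape, an assumption here, not a claim about what the actual patch does.

```c
/* Constructed model of the "guilty kfree" discussed in the mail.
 * All names are stand-ins; none of this is the kernel's code. */
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>

struct sess { int tsih; };
struct conn { struct sess *sess; int cid; };

/* Stand-in for iscsi_login_set_conn_values(): links sess into conn and
 * only then may fail ('fail' simulates the failure). The link is made
 * before the error is reported, as the mail observes ("conn->sess is set"). */
static int set_conn_values(struct sess *sess, struct conn *conn, int cid, bool fail)
{
    conn->sess = sess;
    conn->cid = cid;
    return fail ? -EINVAL : 0;
}

/* Stand-in for the later iscsi_target_login_sess_out(): releases whatever
 * session the connection still refers to. free(NULL) is a no-op. */
static void login_sess_out(struct conn *conn)
{
    free(conn->sess);
    conn->sess = NULL;
}

/* Error path shaped like the quoted hunk: kfree(sess) while conn->sess
 * still points at it. *dangling reports whether the connection keeps a
 * reference to the memory about to be freed; the check runs before the
 * free so it is well-defined. A later login_sess_out() would double-free. */
static int login_buggy(struct conn *conn, int cid, bool fail, bool *dangling)
{
    struct sess *sess = calloc(1, sizeof *sess);
    if (!sess)
        return -ENOMEM;
    int ret = set_conn_values(sess, conn, cid, fail);
    if (ret) {
        *dangling = (conn->sess == sess);   /* reference left behind */
        free(sess);                         /* the "guilty kfree" */
        return -ENOMEM;                     /* hard-coded, as in the original */
    }
    *dangling = false;
    return 0;
}

/* One defensive shape (an assumption, not the author's patch): unlink the
 * session from the connection before freeing it, so the later teardown
 * finds nothing to release, and propagate the real error code. */
static int login_fixed(struct conn *conn, int cid, bool fail, bool *dangling)
{
    struct sess *sess = calloc(1, sizeof *sess);
    if (!sess)
        return -ENOMEM;
    int ret = set_conn_values(sess, conn, cid, fail);
    if (ret) {
        conn->sess = NULL;                  /* drop the reference first */
        *dangling = false;
        free(sess);
        return ret;
    }
    *dangling = false;
    return 0;
}

/* Runs one login attempt followed by the teardown and reports whether a
 * dangling reference was observed. The teardown is skipped when one was,
 * because on the buggy failure path it would free the session twice. */
static bool run_login(bool fixed, bool fail)
{
    struct conn conn = { 0 };
    bool dangling = false;
    if (fixed)
        login_fixed(&conn, 1, fail, &dangling);
    else
        login_buggy(&conn, 1, fail, &dangling);
    if (!dangling)
        login_sess_out(&conn);
    return dangling;
}

/* Return value seen by the caller on the failing path of each variant. */
static int error_path_ret(bool fixed)
{
    struct conn conn = { 0 };
    bool dangling = false;
    return fixed ? login_fixed(&conn, 1, true, &dangling)
                 : login_buggy(&conn, 1, true, &dangling);
}
```

Running `run_login(false, true)` reports the dangling reference the mail's KASAN report corresponds to, while both fixed paths and the buggy success path release the session exactly once; `error_path_ret` shows the hard-coded -ENOMEM versus the propagated error the mail debates.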