Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp845387pxb;
        Tue, 3 Nov 2020 14:13:43 -0800 (PST)
X-Google-Smtp-Source: ABdhPJx1sC3IaTPyy9gcP0Zo3zkL7mpZr3KjpvZtPc18GuCgjjCeE8ZBgwm/RGqidwTBk/ru31Oz
X-Received: by 2002:a17:906:374b:: with SMTP id e11mr9378609ejc.339.1604441623589;
        Tue, 03 Nov 2020 14:13:43 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1604441623; cv=none;
        d=google.com; s=arc-20160816;
        b=DLmwCirzG8DrYjrzO8vnGllJftGqvsKcJsq91igEQoa1my9/egjdpIb638viqd+0kF
         N221jvDfIfdqllAuVO05o6b6orunyOAjkYtWKne60IYuxmlKj/2/Zw5X3v9ec88n4HfX
         Y9dSqk7N2HJx8AiPXsFgzCpEve3teadOAh+87ef1lujX1Ay7dqRK8xXNcf6GX83CsnLh
         o/tk8jKR9YaSSMCfj2E9eOdVNWIA5mo4uZbZwaBFullQLKpevQnabId9UersQEvnhPP+
         EuagATjdr1Qmm+ejwrt04dN5Soo1HhfdwDi6AsRNaToxIPfXalAABa5bZEDKQdxXz3tF
         xI6Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=GSppiBp8sIIBPzpwLgLze2qW77hY8rFRBIlvQXtRG3Q=;
        b=KR2oe7ytuE2qlF5H6ZsINyD0IYTAnEw3aaoIqN5egCdFZWJhBwZZdQULJRTtSK8yNm
         EWXqdVcRvQMbI+hWK4vsGpdQkvJyE2IDO1wcqpUHSZo5zMIW/be03D08Gu9h/6hJKkEi
         hRUcDMks5lg8TQtSOelaO2h2V+pir2VWFf1q1Mj1RhzqUMDn/uIMcY7eT5itSoChW5jq
         9CWfs/If1YTvkQqM8PoLMJ+Dk/0llelLCq21+N751sOA7VSGzexnAVIKrfJy5FNOsnw/
         NykiMncyv+6VGn+yf8KoPB0Me1ah5MGX0zqx9dYhiTKLMKVUXeH9AhcGIFUK/gPU3pbp
         HKEA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=U6hgZeRf;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id k2si80315ejs.236.2020.11.03.14.13.20;
        Tue, 03 Nov 2020 14:13:43 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=U6hgZeRf;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729891AbgKCUiK (ORCPT <rfc822;rajatbajpailinux@gmail.com>
        + 99 others); Tue, 3 Nov 2020 15:38:10 -0500
Received: from mail.kernel.org ([198.145.29.99]:47954 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1729877AbgKCUiG (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 3 Nov 2020 15:38:06 -0500
Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 81C68223AB;
        Tue,  3 Nov 2020 20:38:05 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1604435886;
        bh=29d+8STEnezZ9ctvxTTxC2bfj7b6og+rhFvfXis6v2A=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=U6hgZeRfBA4x8bU910hkN8EgUg/Y8Y7nRgZTHWBgy85ejfov/shPLqPZ8b0RsVrqi
         T+Rws+286WvxVzQXtFTEv68yDhRWmb+4ls5WOsfyhFMnIirXr3tq1VOP2pKXN8mN5M
         1DfPi55bNG17L3M2c779AWcoAAS9FsG0YNbUSwqI=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Dan Carpenter <dan.carpenter@oracle.com>,
        David Howells <dhowells@redhat.com>,
        Colin Ian King <colin.king@canonical.com>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.9 026/391] afs: Fix a use after free in afs_xattr_get_acl()
Date:   Tue,  3 Nov 2020 21:31:17 +0100
Message-Id: <20201103203349.592884635@linuxfoundation.org>
X-Mailer: git-send-email 2.29.2
In-Reply-To: <20201103203348.153465465@linuxfoundation.org>
References: <20201103203348.153465465@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Dan Carpenter <dan.carpenter@oracle.com>

[ Upstream commit 248c944e2159de4868bef558feea40214aaf8464 ]

The "op" pointer is freed earlier when we call afs_put_operation().

Fixes: e49c7b2f6de7 ("afs: Build an abstraction around an "operation" concept")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/afs/xattr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/afs/xattr.c b/fs/afs/xattr.c
index 84f3c4f575318..38884d6c57cdc 100644
--- a/fs/afs/xattr.c
+++ b/fs/afs/xattr.c
@@ -85,7 +85,7 @@ static int afs_xattr_get_acl(const struct xattr_handler *handler,
 			if (acl->size <= size)
 				memcpy(buffer, acl->data, acl->size);
 			else
-				op->error = -ERANGE;
+				ret = -ERANGE;
 		}
 	}
 
-- 
2.27.0