[PATCH] proc_pid_lookup use-after-free fix

From: "Martin J. Bligh" <mbligh@aracnet.com> and me proc_pid_lookup() does a put_task_struct() and then continues to play with the task.

[PATCH] proc_pid_lookup use-after-free fix
From: "Martin J. Bligh" <mbligh@aracnet.com> and me proc_pid_lookup() does a put_task_struct() and then continues to play with the task.
bf93adba · Andrew Morton · Linus Torvalds · 34c37b86 · bf93adba
Commit bf93adba authored Jun 20, 2003 by Andrew Morton Committed by Linus Torvalds Jun 20, 2003
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 2 deletions

fs/proc/base.c fs/proc/base.c +4 -2

No files found.
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1362,10 +1362,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry)

 	inode = proc_pid_make_inode(dir->i_sb, task, PROC_PID_INO);

-	put_task_struct(task);

-	if (!inode)
+	if (!inode) {
+		put_task_struct(task);
 		goto out;
+	}
 	inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
 	inode->i_op = &proc_base_inode_operations;
 	inode->i_fop = &proc_base_operations;
@@ -1379,6 +1380,7 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry)
 	d_add(dentry, inode);
 	spin_unlock(&task->proc_lock);

+	put_task_struct(task);
 	return NULL;
 out:
 	return ERR_PTR(-ENOENT);