aba1ba97e6
commit 26abc916a898d34c5ad159315a2f683def3c5555 upstream.
The problem is that iscsi_login_zero_tsih_s1 sets conn->sess early in
iscsi_login_set_conn_values. If the function fails later like when we
alloc the idr it does kfree(sess) and leaves the conn->sess pointer set.
iscsi_login_zero_tsih_s1 then returns -Exyz and we then call
iscsi_target_login_sess_out and access the freed memory.
This patch has iscsi_login_zero_tsih_s1 either completely setup the
session or completely tear it down, so later in
iscsi_target_login_sess_out we can just check for it being set to the
connection.
Cc: stable@vger.kernel.org
Fixes:
|
||
|---|---|---|
| .. | ||
| iscsi_target_auth.c | ||
| iscsi_target_auth.h | ||
| iscsi_target_configfs.c | ||
| iscsi_target_datain_values.c | ||
| iscsi_target_datain_values.h | ||
| iscsi_target_device.c | ||
| iscsi_target_device.h | ||
| iscsi_target_erl1.c | ||
| iscsi_target_erl1.h | ||
| iscsi_target_erl2.c | ||
| iscsi_target_erl2.h | ||
| iscsi_target_erl0.c | ||
| iscsi_target_erl0.h | ||
| iscsi_target_login.c | ||
| iscsi_target_login.h | ||
| iscsi_target_nego.c | ||
| iscsi_target_nego.h | ||
| iscsi_target_nodeattrib.c | ||
| iscsi_target_nodeattrib.h | ||
| iscsi_target_parameters.c | ||
| iscsi_target_parameters.h | ||
| iscsi_target_seq_pdu_list.c | ||
| iscsi_target_seq_pdu_list.h | ||
| iscsi_target_stat.c | ||
| iscsi_target_tmr.c | ||
| iscsi_target_tmr.h | ||
| iscsi_target_tpg.c | ||
| iscsi_target_tpg.h | ||
| iscsi_target_transport.c | ||
| iscsi_target_util.c | ||
| iscsi_target_util.h | ||
| iscsi_target.c | ||
| iscsi_target.h | ||
| Kconfig | ||
| Makefile | ||