projects
/
powerpc.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
[PATCH] smbfs: double free memory corruption
[powerpc.git]
/
fs
/
smbfs
/
request.c
diff --git
a/fs/smbfs/request.c
b/fs/smbfs/request.c
index
c8e9619
..
723f7c6
100644
(file)
--- a/
fs/smbfs/request.c
+++ b/
fs/smbfs/request.c
@@
-25,7
+25,7
@@
#define ROUND_UP(x) (((x)+3) & ~3)
/* cache for request structures */
#define ROUND_UP(x) (((x)+3) & ~3)
/* cache for request structures */
-static
kmem_cache_t
*req_cachep;
+static
struct kmem_cache
*req_cachep;
static int smb_request_send_req(struct smb_request *req);
static int smb_request_send_req(struct smb_request *req);
@@
-49,8
+49,7
@@
int smb_init_request_cache(void)
void smb_destroy_request_cache(void)
{
void smb_destroy_request_cache(void)
{
- if (kmem_cache_destroy(req_cachep))
- printk(KERN_INFO "smb_destroy_request_cache: not all structures were freed\n");
+ kmem_cache_destroy(req_cachep);
}
/*
}
/*
@@
-62,7
+61,7
@@
static struct smb_request *smb_do_alloc_request(struct smb_sb_info *server,
struct smb_request *req;
unsigned char *buf = NULL;
struct smb_request *req;
unsigned char *buf = NULL;
- req = kmem_cache_
alloc(req_cachep, SLAB
_KERNEL);
+ req = kmem_cache_
zalloc(req_cachep, GFP
_KERNEL);
VERBOSE("allocating request: %p\n", req);
if (!req)
goto out;
VERBOSE("allocating request: %p\n", req);
if (!req)
goto out;
@@
-75,7
+74,6
@@
static struct smb_request *smb_do_alloc_request(struct smb_sb_info *server,
}
}
}
}
- memset(req, 0, sizeof(struct smb_request));
req->rq_buffer = buf;
req->rq_bufsize = bufsize;
req->rq_server = server;
req->rq_buffer = buf;
req->rq_bufsize = bufsize;
req->rq_server = server;
@@
-183,6
+181,7
@@
static int smb_setup_request(struct smb_request *req)
req->rq_errno = 0;
req->rq_fragment = 0;
kfree(req->rq_trans2buffer);
req->rq_errno = 0;
req->rq_fragment = 0;
kfree(req->rq_trans2buffer);
+ req->rq_trans2buffer = NULL;
return 0;
}
return 0;
}