[PATCH] fs: tftp: Fix NULL pointer deref in file upload
Sascha Hauer
s.hauer at pengutronix.de
Wed Mar 15 02:53:00 PDT 2023
With TFTP upload the window cache is unused, but still freed in
tftp_do_close(). To avoid iterating on the uninitialized list,
initialize it unconditionally and not only for the download case.
Fixes: 3f1ea0ffcf8b ("tftp: implement UDP reorder cache using lists")
Signed-off-by: Sascha Hauer <s.hauer at pengutronix.de>
---
fs/tftp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/tftp.c b/fs/tftp.c
index a63b133caa..c6edc9969f 100644
--- a/fs/tftp.c
+++ b/fs/tftp.c
@@ -384,10 +384,10 @@ static int tftp_allocate_transfer(struct file_priv *priv)
priv->fifo = NULL;
goto err;
}
- } else {
- INIT_LIST_HEAD(&priv->cache.blocks);
}
+ INIT_LIST_HEAD(&priv->cache.blocks);
+
return 0;
err:
--
2.30.2
More information about the barebox
mailing list