pti: double-free security PTI fix

This patch fixes a double-free error that will not always be seen unless /dev/pti char interface is stressed. Signed-off-by: J Freyensee <james_p_freyensee@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

pti: double-free security PTI fix
This patch fixes a double-free error that will not always be seen unless /dev/pti char interface is stressed. Signed-off-by: J Freyensee <james_p_freyensee@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
29021bcc · J Freyensee · Greg Kroah-Hartman · 9d031d94 · 29021bcc
Commit 29021bcc authored May 25, 2011 by J Freyensee Committed by Greg Kroah-Hartman Jun 07, 2011
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 2 deletions

drivers/misc/pti.c drivers/misc/pti.c +3 -2

No files found.
--- a/drivers/misc/pti.c
+++ b/drivers/misc/pti.c
@@ -317,7 +317,8 @@ EXPORT_SYMBOL_GPL(pti_request_masterchannel);
 *				a master, channel ID address
 *				used to write to PTI HW.
 *
- * @mc: master, channel apeture ID address to be released.
+ * @mc: master, channel apeture ID address to be released.  This
+ *      will de-allocate the structure via kfree().
 */
 void pti_release_masterchannel(struct pti_masterchannel *mc)
 {
@@ -581,7 +582,7 @@ static int pti_char_open(struct inode *inode, struct file *filp)
 static int pti_char_release(struct inode *inode, struct file *filp)
 {
 	pti_release_masterchannel(filp->private_data);
-	kfree(filp->private_data);
+	filp->private_data = NULL;
 	return 0;
 }