scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()

commit 578797f0c8cbc2e3ec5fc0dab87087b4c7073686 upstream. A fix for: BUG: KASAN: slab-out-of-bounds in ses_intf_remove+0x23f/0x270 [ses] Read of size 8 at addr ffff88a10d32e5d8 by task rmmod/12013 When edev->components is zero, accessing edev->component[0] members is wrong. Link: https://lore.kernel.org/r/20230202162451.15346-5-thenzl@redhat.com Cc: stable@vger.kernel.org Signed-off-by: Tomas Henzl <thenzl@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Tomas Henzl <thenzl@redhat.com> 2023-02-02 17:24:51 +0100
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2023-03-11 16:26:49 +0100
commit: 76f7050537476ac062ec23a544fbca8270f2d08b (patch)
tree: ec75a8888e559e93e5674260fbb103b14be85d12
parent: 72021ae61a2bc6ca73cd593e255a10ed5f5dc5e7 (diff)
download: linux-76f7050537476ac062ec23a544fbca8270f2d08b.tar.gz
linux-76f7050537476ac062ec23a544fbca8270f2d08b.tar.bz2
linux-76f7050537476ac062ec23a544fbca8270f2d08b.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/scsi/ses.c b/drivers/scsi/ses.c
index 366656157b09..70ae5247c9f7 100644
--- a/drivers/scsi/ses.c
+++ b/drivers/scsi/ses.c
@@ -872,7 +872,8 @@ static void ses_intf_remove_enclosure(struct scsi_device *sdev)
 	kfree(ses_dev->page2);
 	kfree(ses_dev);
 
-	kfree(edev->component[0].scratch);
+	if (edev->components)
+		kfree(edev->component[0].scratch);
 
 	put_device(&edev->edev);
 	enclosure_unregister(edev);
author	Tomas Henzl <thenzl@redhat.com>	2023-02-02 17:24:51 +0100
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2023-03-11 16:26:49 +0100
commit	76f7050537476ac062ec23a544fbca8270f2d08b (patch)
tree	ec75a8888e559e93e5674260fbb103b14be85d12
parent	72021ae61a2bc6ca73cd593e255a10ed5f5dc5e7 (diff)
download	linux-76f7050537476ac062ec23a544fbca8270f2d08b.tar.gz linux-76f7050537476ac062ec23a544fbca8270f2d08b.tar.bz2 linux-76f7050537476ac062ec23a544fbca8270f2d08b.zip