CVE-2019-13105: ext4: fix double-free in ext4_cache_read

ext_cache_read doesn't null cache->buf, after freeing, which results in a later function double-freeing it. This patch fixes ext_cache_read to call ext_cache_fini instead of free. Signed-off-by: Paul Emge <paulemge@forallsecure.com>

CVE-2019-13105: ext4: fix double-free in ext4_cache_read
6e5a79de · Paul Emge · Tom Rini · 232e2f4f · 6e5a79de
Commit 6e5a79de authored 5 years ago by Paul Emge Committed by Tom Rini 5 years ago
--- a/fs/ext4/ext4fs.c
+++ b/fs/ext4/ext4fs.c
@@ -286,7 +286,7 @@ int ext_cache_read(struct ext_block_cache *cache, lbaint_t block, int size)
 	if (!cache->buf)
 		return 0;
 	if (!ext4fs_devread(block, 0, size, cache->buf)) {
-		free(cache->buf);
+		ext_cache_fini(cache);
 		return 0;
 	}
 	cache->block = block;