| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 31 Dec 2012 13:06:21 +0100
From: Jan Kara <jack@...e.cz>
To: Chen Gang <gang.chen@...anux.com>
Cc: Theodore Ts'o <tytso@....edu>, jack@...e.cz,
akpm@...ux-foundation.org, linux-ext4@...r.kernel.org
Subject: Re: [Suggestion] fs/ext3: memory leak by calling set_qf_name or
clear_qf_name, many times.
On Wed 26-12-12 13:04:59, Chen Gang wrote:
> Hello Theodore Ts'o
>
> in fs/ext3/supper.c
> for function set_qf_name:
> sbi->s_qf_names[qtype] may already have owned a memory (line 919..925)
> we set sbi->s_qf_names[qtype] = qname directly without checking (line 926)
>
> for function clear_qf_name:
> we set sbi->s_qf_names[qtype] = NULL (line 942..952)
>
>
> for function parse_options:
> we can call set_qf_name or clear_qf_name with USR or GRP many times.
> we find parameters not mind whether they are repeated. (line 975..985)
> so we may call set_qf_name or clear_qf_name several times.
> also may first call set_qf_name, then call clear_qf_name.
>
> in this situation, we will get memory leak.
>
> please help check this suggestion whether valid (I find it by code review).
Thanks for report. Yes, memory leak seems to be possible. Attached patch
should fix it, I have added it to my tree.
Honza
--
Jan Kara <jack@...e.cz>
SUSE Labs, CR
View attachment "0001-ext3-Fix-memory-leak-when-quota-options-are-specifie.patch" of type "text/x-patch" (1360 bytes)
Powered by blists - more mailing lists