lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <alpine.LNX.2.00.1012132324550.26491@swampdragon.chaosbits.net>
Date:	Mon, 13 Dec 2010 23:30:36 +0100 (CET)
From:	Jesper Juhl <jj@...osbits.net>
To:	linux-kernel@...r.kernel.org
cc:	Steven Whitehouse <swhiteho@...hat.com>, cluster-devel@...hat.com
Subject: [PATCH] Don't leak memory in failure paths of gfs2_acl_get()

Hi,

In fs/gfs2/acl.c::gfs2_acl_get() we may leak memory in failure scenarios.
gfs2_xattr_acl_get() may return <=0 after having dynamically allocated 
memory for its last argument ('data' in the gfs2_acl_get() caller) and in 
that case the caller leaks the memory.
This patch initializes 'data' to NULL and calls kfree() on 'data' in the 
the failure paths. This ensures that we always free the memory on failure 
or that we just call kfree(NULL) on failures where no memory has actually 
been allocated yet.


Signed-off-by: Jesper Juhl <jj@...osbits.net>
---
 acl.c |   10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/fs/gfs2/acl.c b/fs/gfs2/acl.c
index 48171f4..e7e45ab 100644
--- a/fs/gfs2/acl.c
+++ b/fs/gfs2/acl.c
@@ -42,7 +42,7 @@ static struct posix_acl *gfs2_acl_get(struct gfs2_inode *ip, int type)
 {
 	struct posix_acl *acl;
 	const char *name;
-	char *data;
+	char *data = NULL;
 	int len;
 
 	if (!ip->i_eattr)
@@ -57,10 +57,14 @@ static struct posix_acl *gfs2_acl_get(struct gfs2_inode *ip, int type)
 		return ERR_PTR(-EINVAL);
 
 	len = gfs2_xattr_acl_get(ip, name, &data);
-	if (len < 0)
+	if (len < 0) {
+		kfree(data);
 		return ERR_PTR(len);
-	if (len == 0)
+	}
+	if (len == 0) {
+		kfree(data);
 		return NULL;
+	}
 
 	acl = posix_acl_from_xattr(data, len);
 	kfree(data);



-- 
Jesper Juhl <jj@...osbits.net>            http://www.chaosbits.net/
Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ