| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20191002092221.GJ2751@suse.cz>
Date: Wed, 2 Oct 2019 11:22:21 +0200
From: David Sterba <dsterba@...e.cz>
To: Navid Emamdoost <navid.emamdoost@...il.com>
Cc: Markus.Elfring@....de,
"Gustavo A. R. Silva" <gustavo@...eddedor.com>,
Deepa Dinamani <deepa.kernel@...il.com>,
Jeff Layton <jlayton@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
David Sterba <dsterba@...e.com>, emamd001@....edu,
kjlu@....edu, smccaman@....edu, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org, Al Viro <viro@...iv.linux.org.uk>
Subject: Re: [PATCH v2] fs: affs: fix a memory leak in affs_remount
On Mon, Sep 30, 2019 at 04:01:10PM -0500, Navid Emamdoost wrote:
> In affs_remount if data is provided it is duplicated into new_opts.
> The allocated memory for new_opts is only released if pare_options fail.
> The release for new_opts is added.
A variable that is allocated and freed without use should ring a bell to
look closer at the code. There's a bit of history behind new_options,
originally there was save/replace options on the VFS layer so the 'data'
passed must not change (thus strdup), this got cleaned up in later
patches. But not completely.
There's no reason to do the strdup in cases where the filesystem does
not need to reuse the 'data' again, because strsep would modify it
directly.
So new_opts should be removed.
Powered by blists - more mailing lists