lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 1 Jul 2020 21:22:00 -0400 From: Sasha Levin <sashal@...nel.org> To: linux-kernel@...r.kernel.org, stable@...r.kernel.org Cc: Tom Rix <trix@...hat.com>, Anna Schumaker <Anna.Schumaker@...app.com>, Sasha Levin <sashal@...nel.org>, linux-nfs@...r.kernel.org Subject: [PATCH AUTOSEL 5.7 51/53] nfs: Fix memory leak of export_path From: Tom Rix <trix@...hat.com> [ Upstream commit 4659ed7cc8514369043053463514408ca16ad6f3 ] The try_location function is called within a loop by nfs_follow_referral. try_location calls nfs4_pathname_string to created the export_path. nfs4_pathname_string allocates the memory. export_path is stored in the nfs_fs_context/fs_context structure similarly as hostname and source. But whereas the ctx hostname and source are freed before assignment, export_path is not. So if there are multiple loops, the new export_path will overwrite the old without the old being freed. So call kfree for export_path. Signed-off-by: Tom Rix <trix@...hat.com> Signed-off-by: Anna Schumaker <Anna.Schumaker@...app.com> Signed-off-by: Sasha Levin <sashal@...nel.org> --- fs/nfs/nfs4namespace.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/nfs/nfs4namespace.c b/fs/nfs/nfs4namespace.c index a3ab6e219061b..873342308dc0d 100644 --- a/fs/nfs/nfs4namespace.c +++ b/fs/nfs/nfs4namespace.c @@ -308,6 +308,7 @@ static int try_location(struct fs_context *fc, if (IS_ERR(export_path)) return PTR_ERR(export_path); + kfree(ctx->nfs_server.export_path); ctx->nfs_server.export_path = export_path; source = kmalloc(len + 1 + ctx->nfs_server.export_path_len + 1, -- 2.25.1
Powered by blists - more mailing lists