| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20240216134541.31577-1-a.burakov@rosalinux.ru>
Date: Fri, 16 Feb 2024 16:45:41 +0300
From: Aleksandr Burakov <a.burakov@...alinux.ru>
To: huck Lever <chuck.lever@...cle.com>,
Jeff Layton <jlayton@...nel.org>
Cc: Aleksandr Burakov <a.burakov@...alinux.ru>,
Neil Brown <neilb@...e.de>,
Olga Kornievskaia <kolga@...app.com>,
Dai Ngo <Dai.Ngo@...cle.com>,
Tom Talpey <tom@...pey.com>,
linux-nfs@...r.kernel.org,
linux-kernel@...r.kernel.org,
lvc-project@...uxtesting.org
Subject: [PATCH] nfsd: fix memory leak in __cld_pipe_inprogress_downcall()
Dynamic memory, referenced by 'princhash.data' and 'name.data',
is allocated by calling function 'memdup_user' and lost
at __cld_pipe_inprogress_downcall() function return
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 11a60d159259 ("nfsd: add a "GetVersion" upcall for nfsdcld")
Signed-off-by: Aleksandr Burakov <a.burakov@...alinux.ru>
---
fs/nfsd/nfs4recover.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c
index 2c060e0b1604..02663484782d 100644
--- a/fs/nfsd/nfs4recover.c
+++ b/fs/nfsd/nfs4recover.c
@@ -850,6 +850,8 @@ __cld_pipe_inprogress_downcall(const struct cld_msg_v2 __user *cmsg,
kfree(princhash.data);
return -EFAULT;
}
+ kfree(name.data);
+ kfree(princhash.data);
return nn->client_tracking_ops->msglen;
}
return -EFAULT;
--
2.25.1
Powered by blists - more mailing lists