lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <20251225142754.1114352-1-zilin@seu.edu.cn>
Date: Thu, 25 Dec 2025 14:27:54 +0000
From: Zilin Guan <zilin@....edu.cn>
To: raven@...maw.net
Cc: autofs@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	jianhao.xu@....edu.cn,
	Zilin Guan <zilin@....edu.cn>
Subject: [PATCH] autofs: Fix memory leak in autofs_fill_super()

The autofs_new_ino() function allocates a new autofs_info structure.
If the subsequent call to autofs_get_inode() fails, this structure is
not freed, leading to a memory leak.

Fix this by adding a new error label to free the structure and jumping
to it upon failure.

While at it, consolidate the error handling for the d_make_root()
failure case to use the same label.

Fixes: 66917f85db600 ("autofs: add: new_inode check in autofs_fill_super()")
Signed-off-by: Zilin Guan <zilin@....edu.cn>
---
 fs/autofs/inode.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/fs/autofs/inode.c b/fs/autofs/inode.c
index b932b1719dfc..391979f8b2bb 100644
--- a/fs/autofs/inode.c
+++ b/fs/autofs/inode.c
@@ -324,7 +324,7 @@ static int autofs_fill_super(struct super_block *s, struct fs_context *fc)
 
 	root_inode = autofs_get_inode(s, S_IFDIR | 0755);
 	if (!root_inode)
-		return -ENOMEM;
+		goto nomem;
 
 	root_inode->i_uid = ctx->uid;
 	root_inode->i_gid = ctx->gid;
@@ -332,10 +332,9 @@ static int autofs_fill_super(struct super_block *s, struct fs_context *fc)
 	root_inode->i_op = &autofs_dir_inode_operations;
 
 	s->s_root = d_make_root(root_inode);
-	if (unlikely(!s->s_root)) {
-		autofs_free_ino(ino);
-		return -ENOMEM;
-	}
+	if (unlikely(!s->s_root))
+		goto nomem;
+
 	s->s_root->d_fsdata = ino;
 
 	if (ctx->pgrp_set) {
@@ -358,6 +357,10 @@ static int autofs_fill_super(struct super_block *s, struct fs_context *fc)
 
 	sbi->flags &= ~AUTOFS_SBI_CATATONIC;
 	return 0;
+
+nomem:
+	autofs_free_ino(ino);
+	return -ENOMEM;
 }
 
 /*
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ