* [PATCH] NFS: Fix leak of ctx->nfs_server.hostname
@ 2020-02-25 16:05 Scott Mayhew
From: Scott Mayhew @ 2020-02-25 16:05 UTC
To: trond.myklebust, anna.schumaker; +Cc: syzbot, syzkaller-bugs, linux-nfs
If userspace passes an nfs_mount_data struct in the data argument of
mount(2), then nfs23_parse_monolithic() or nfs4_parse_monolithic()
will allocate memory for ctx->nfs_server.hostname. This needs to be
freed in nfs_parse_source(), which also allocates memory for
ctx->nfs_server.hostname, otherwise a leak will occur.
Reported-by: syzbot+193c375dcddb4f345091@syzkaller.appspotmail.com
Fixes: f2aedb713c28 ("NFS: Add fs_context support.")
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
---
fs/nfs/fs_context.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/nfs/fs_context.c b/fs/nfs/fs_context.c
index b616263b0eb6..e113fcb4bb4c 100644
--- a/fs/nfs/fs_context.c
+++ b/fs/nfs/fs_context.c
@@ -832,6 +832,8 @@ static int nfs_parse_source(struct fs_context *fc,
if (len > maxnamlen)
goto out_hostname;
+ kfree(ctx->nfs_server.hostname);
+
/* N.B. caller will free nfs_server.hostname in all cases */
ctx->nfs_server.hostname = kmemdup_nul(dev_name, len, GFP_KERNEL);
if (!ctx->nfs_server.hostname)
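Review bot: the added kfree(ctx->nfs_server.hostname) sits directly above the existing comment "caller will free nfs_server.hostname in all cases" with nothing explaining why the field can already be populated at this point, so the next reader sees two statements about ownership that seem to conflict. A one-line comment on the kfree saying that the monolithic parsers (nfs23_parse_monolithic() / nfs4_parse_monolithic(), per the commit message) may have allocated hostname earlier would make the intent clear. The ordering itself looks fine from the visible lines: kfree() accepts NULL, so no guard is needed on the non-monolithic path, and the freed pointer is overwritten on the very next statement with either the new buffer or NULL, so the caller's later free cannot hit the stale value. The early "goto out_hostname" on len > maxnamlen leaves the old allocation in place, which relies on the caller freeing it as the existing comment promises; worth confirming that holds for the monolithic path as well.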
--
2.24.1