author: Scott Mayhew <smayhew@redhat.com> 2020-02-25 17:05:22 +0100
committer: Anna Schumaker <Anna.Schumaker@Netapp.com> 2020-02-25 19:48:21 +0100
commit: 75a9b9176157f3095d3099adf512b5a233addbc7 (patch)
tree: 372274e4366b996d52edb557463375a51ab63864
parent: NFS: Don't hard-code the fs_type when submounting
NFS: Fix leak of ctx->nfs_server.hostname
If userspace passes an nfs_mount_data struct in the data argument of mount(2), then nfs23_parse_monolithic() or nfs4_parse_monolithic() will allocate memory for ctx->nfs_server.hostname. This needs to be freed in nfs_parse_source(), which also allocates memory for ctx->nfs_server.hostname, otherwise a leak will occur.

Reported-by: syzbot+193c375dcddb4f345091@syzkaller.appspotmail.com
Fixes: f2aedb713c28 ("NFS: Add fs_context support.")
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
-rw-r--r-- fs/nfs/fs_context.c 2
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/nfs/fs_context.c b/fs/nfs/fs_context.c
index b616263b0eb6..e113fcb4bb4c 100644
--- a/fs/nfs/fs_context.c
+++ b/fs/nfs/fs_context.c
@@ -832,6 +832,8 @@ static int nfs_parse_source(struct fs_context *fc,
if (len > maxnamlen)
goto out_hostname;
+ kfree(ctx->nfs_server.hostname);
+
/* N.B. caller will free nfs_server.hostname in all cases */
ctx->nfs_server.hostname = kmemdup_nul(dev_name, len, GFP_KERNEL);
if (!ctx->nfs_server.hostname)
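Review bot: The kfree(ctx->nfs_server.hostname) added just above the "N.B." comment carries no comment saying why a hostname can already be allocated when nfs_parse_source() runs. The commit message gives the reason (nfs23_parse_monolithic() or nfs4_parse_monolithic() filled it in first), and a one-line comment stating that next to the call would keep a later cleanup from dropping it as redundant. The ordering itself looks sound from the visible lines: kfree() of a NULL pointer is a no-op when no earlier allocation happened, and the field is overwritten unconditionally by the kmemdup_nul() result on the next statement, so on allocation failure it holds NULL rather than a stale pointer when the caller frees it.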