mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-09 22:50:41 +00:00
NFS: Fix leak of ctx->nfs_server.hostname
If userspace passes an nfs_mount_data struct in the data argument of mount(2), then nfs23_parse_monolithic() or nfs4_parse_monolithic() will allocate memory for ctx->nfs_server.hostname. This needs to be freed in nfs_parse_source(), which also allocates memory for ctx->nfs_server.hostname, otherwise a leak will occur. Reported-by: syzbot+193c375dcddb4f345091@syzkaller.appspotmail.com Fixes: f2aedb713c28 ("NFS: Add fs_context support.") Signed-off-by: Scott Mayhew <smayhew@redhat.com> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
This commit is contained in:
parent
1821b26a1f
commit
75a9b91761
@ -832,6 +832,8 @@ static int nfs_parse_source(struct fs_context *fc,
|
||||
if (len > maxnamlen)
|
||||
goto out_hostname;
|
||||
|
||||
kfree(ctx->nfs_server.hostname);
|
||||
|
||||
/* N.B. caller will free nfs_server.hostname in all cases */
|
||||
ctx->nfs_server.hostname = kmemdup_nul(dev_name, len, GFP_KERNEL);
|
||||
if (!ctx->nfs_server.hostname)
|
||||
|
Loading…
x
Reference in New Issue
Block a user