diff options
| author | Tom Rix <trix@redhat.com> | 2020-06-12 15:45:49 -0700 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2020-07-16 08:13:17 +0200 |
| commit | 6da6b579a6235cf29cf76dcacce34cd30e343af5 (patch) | |
| tree | 91269964eca33d06b94d1246dcbdf00097491740 /fs/nfs | |
| parent | 0bafbef3877a91e8185f448fc935cf84858d4621 (diff) | |
| download | linux-stable-6da6b579a6235cf29cf76dcacce34cd30e343af5.tar.gz linux-stable-6da6b579a6235cf29cf76dcacce34cd30e343af5.tar.bz2 linux-stable-6da6b579a6235cf29cf76dcacce34cd30e343af5.zip | |
nfs: Fix memory leak of export_path
[ Upstream commit 4659ed7cc8514369043053463514408ca16ad6f3 ]
The try_location function is called within a loop by nfs_follow_referral.
try_location calls nfs4_pathname_string to created the export_path.
nfs4_pathname_string allocates the memory. export_path is stored in the
nfs_fs_context/fs_context structure similarly as hostname and source.
But whereas the ctx hostname and source are freed before assignment,
export_path is not. So if there are multiple loops, the new export_path
will overwrite the old without the old being freed.
So call kfree for export_path.
Signed-off-by: Tom Rix <trix@redhat.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'fs/nfs')
| -rw-r--r-- | fs/nfs/nfs4namespace.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/nfs/nfs4namespace.c b/fs/nfs/nfs4namespace.c index a3ab6e219061..873342308dc0 100644 --- a/fs/nfs/nfs4namespace.c +++ b/fs/nfs/nfs4namespace.c @@ -308,6 +308,7 @@ static int try_location(struct fs_context *fc, if (IS_ERR(export_path)) return PTR_ERR(export_path); + kfree(ctx->nfs_server.export_path); ctx->nfs_server.export_path = export_path; source = kmalloc(len + 1 + ctx->nfs_server.export_path_len + 1, |