summaryrefslogtreecommitdiffstats
path: root/fs/quota
diff options
context:
space:
mode:
authorJan Kara <jack@suse.cz>2020-12-22 12:09:53 +0100
committerJan Kara <jack@suse.cz>2021-01-05 14:42:18 +0100
commita4db1072e1a3bd7a8d9c356e1902b13ac5deb8ef (patch)
tree6f9fc68d5b3bc429a18598e9558881af5fa7cff2 /fs/quota
parent36bbbd0e234d817938bdc52121a0f5473b3e58f5 (diff)
downloadlinux-stable-a4db1072e1a3bd7a8d9c356e1902b13ac5deb8ef.tar.gz
linux-stable-a4db1072e1a3bd7a8d9c356e1902b13ac5deb8ef.tar.bz2
linux-stable-a4db1072e1a3bd7a8d9c356e1902b13ac5deb8ef.zip
quota: Fix memory leak when handling corrupted quota file
When checking corrupted quota file we can bail out and leak allocated info structure. Properly free info structure on error return. Reported-by: syzbot+77779c9b52ab78154b08@syzkaller.appspotmail.com Fixes: 11c514a99bb9 ("quota: Sanity-check quota file headers on load") Signed-off-by: Jan Kara <jack@suse.cz>
Diffstat (limited to 'fs/quota')
-rw-r--r--fs/quota/quota_v2.c11
1 files changed, 8 insertions, 3 deletions
diff --git a/fs/quota/quota_v2.c b/fs/quota/quota_v2.c
index c21106557a37..b1467f3921c2 100644
--- a/fs/quota/quota_v2.c
+++ b/fs/quota/quota_v2.c
@@ -164,19 +164,24 @@ static int v2_read_file_info(struct super_block *sb, int type)
quota_error(sb, "Number of blocks too big for quota file size (%llu > %llu).",
(loff_t)qinfo->dqi_blocks << qinfo->dqi_blocksize_bits,
i_size_read(sb_dqopt(sb)->files[type]));
- goto out;
+ goto out_free;
}
if (qinfo->dqi_free_blk >= qinfo->dqi_blocks) {
quota_error(sb, "Free block number too big (%u >= %u).",
qinfo->dqi_free_blk, qinfo->dqi_blocks);
- goto out;
+ goto out_free;
}
if (qinfo->dqi_free_entry >= qinfo->dqi_blocks) {
quota_error(sb, "Block with free entry too big (%u >= %u).",
qinfo->dqi_free_entry, qinfo->dqi_blocks);
- goto out;
+ goto out_free;
}
ret = 0;
+out_free:
+ if (ret) {
+ kfree(info->dqi_priv);
+ info->dqi_priv = NULL;
+ }
out:
up_read(&dqopt->dqio_sem);
return ret;