summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTom Rix <trix@redhat.com>2020-06-12 15:45:49 -0700
committerAnna Schumaker <Anna.Schumaker@Netapp.com>2020-06-26 08:43:14 -0400
commit4659ed7cc8514369043053463514408ca16ad6f3 (patch)
treecd1945b45f69bf47895c99b42d794622d18a81b6
parentb7ade38165ca0001c5a3bd5314a314abbbfbb1b7 (diff)
downloadlinux-4659ed7cc8514369043053463514408ca16ad6f3.tar.bz2
nfs: Fix memory leak of export_path
The try_location function is called within a loop by nfs_follow_referral. try_location calls nfs4_pathname_string to created the export_path. nfs4_pathname_string allocates the memory. export_path is stored in the nfs_fs_context/fs_context structure similarly as hostname and source. But whereas the ctx hostname and source are freed before assignment, export_path is not. So if there are multiple loops, the new export_path will overwrite the old without the old being freed. So call kfree for export_path. Signed-off-by: Tom Rix <trix@redhat.com> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
-rw-r--r--fs/nfs/nfs4namespace.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/nfs/nfs4namespace.c b/fs/nfs/nfs4namespace.c
index a3ab6e219061..873342308dc0 100644
--- a/fs/nfs/nfs4namespace.c
+++ b/fs/nfs/nfs4namespace.c
@@ -308,6 +308,7 @@ static int try_location(struct fs_context *fc,
if (IS_ERR(export_path))
return PTR_ERR(export_path);
+ kfree(ctx->nfs_server.export_path);
ctx->nfs_server.export_path = export_path;
source = kmalloc(len + 1 + ctx->nfs_server.export_path_len + 1,