diff options
author | Tom Rix <trix@redhat.com> | 2020-06-12 15:45:49 -0700 |
---|---|---|
committer | Anna Schumaker <Anna.Schumaker@Netapp.com> | 2020-06-26 08:43:14 -0400 |
commit | 4659ed7cc8514369043053463514408ca16ad6f3 (patch) | |
tree | cd1945b45f69bf47895c99b42d794622d18a81b6 | |
parent | b7ade38165ca0001c5a3bd5314a314abbbfbb1b7 (diff) | |
download | linux-4659ed7cc8514369043053463514408ca16ad6f3.tar.bz2 |
nfs: Fix memory leak of export_path
The try_location function is called within a loop by nfs_follow_referral.
try_location calls nfs4_pathname_string to created the export_path.
nfs4_pathname_string allocates the memory. export_path is stored in the
nfs_fs_context/fs_context structure similarly as hostname and source.
But whereas the ctx hostname and source are freed before assignment,
export_path is not. So if there are multiple loops, the new export_path
will overwrite the old without the old being freed.
So call kfree for export_path.
Signed-off-by: Tom Rix <trix@redhat.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
-rw-r--r-- | fs/nfs/nfs4namespace.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/nfs/nfs4namespace.c b/fs/nfs/nfs4namespace.c index a3ab6e219061..873342308dc0 100644 --- a/fs/nfs/nfs4namespace.c +++ b/fs/nfs/nfs4namespace.c @@ -308,6 +308,7 @@ static int try_location(struct fs_context *fc, if (IS_ERR(export_path)) return PTR_ERR(export_path); + kfree(ctx->nfs_server.export_path); ctx->nfs_server.export_path = export_path; source = kmalloc(len + 1 + ctx->nfs_server.export_path_len + 1, |