aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChuck Lever <chuck.lever@oracle.com>2008-01-16 16:38:10 -0500
committerTrond Myklebust <Trond.Myklebust@netapp.com>2008-01-30 02:06:11 -0500
commitfc6014771bde8a215a9a4ea24b45f76afeb3c922 (patch)
tree60d34b3f1fa44c42a7fd18867531dc915007dfa0
parent3d1c550874bcaf0d9b7fb66f601caed109074f4b (diff)
NFS: Address memory leaks in the NFS client mount option parser
David Howells noticed that repeating the same mount option twice during an NFS mount request can result in orphaned memory in certain cases. Only the client_address and mount_server.hostname strings are initialized in the mount parsing loop, so those appear to be the only two pointers that might be written over by repeating a mount option. The strings in the nfs_server section of the nfs_parsed_mount_data structure are set only once after the options are parsed, thus these are not susceptible to being overwritten. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
-rw-r--r--fs/nfs/super.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/nfs/super.c b/fs/nfs/super.c
index 0d1bc61d0b68..22c49c02897d 100644
--- a/fs/nfs/super.c
+++ b/fs/nfs/super.c
@@ -1006,12 +1006,14 @@ static int nfs_parse_mount_options(char *raw,
1006 string = match_strdup(args); 1006 string = match_strdup(args);
1007 if (string == NULL) 1007 if (string == NULL)
1008 goto out_nomem; 1008 goto out_nomem;
1009 kfree(mnt->client_address);
1009 mnt->client_address = string; 1010 mnt->client_address = string;
1010 break; 1011 break;
1011 case Opt_mounthost: 1012 case Opt_mounthost:
1012 string = match_strdup(args); 1013 string = match_strdup(args);
1013 if (string == NULL) 1014 if (string == NULL)
1014 goto out_nomem; 1015 goto out_nomem;
1016 kfree(mnt->mount_server.hostname);
1015 mnt->mount_server.hostname = string; 1017 mnt->mount_server.hostname = string;
1016 break; 1018 break;
1017 case Opt_mountaddr: 1019 case Opt_mountaddr: