author | Chuck Lever <chuck.lever@oracle.com> | 2008-01-16 16:38:10 -0500 |
---|---|---|
committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2008-01-30 02:06:11 -0500 |
commit | fc6014771bde8a215a9a4ea24b45f76afeb3c922 (patch) | |
tree | 60d34b3f1fa44c42a7fd18867531dc915007dfa0 /fs/nfs/super.c | |
parent | 3d1c550874bcaf0d9b7fb66f601caed109074f4b (diff) | |

NFS: Address memory leaks in the NFS client mount option parser

David Howells noticed that repeating the same mount option twice during an
NFS mount request can result in orphaned memory in certain cases.

Only the client_address and mount_server.hostname strings are initialized
in the mount parsing loop, so those appear to be the only two pointers that
might be written over by repeating a mount option. The strings in the
nfs_server section of the nfs_parsed_mount_data structure are set only once
after the options are parsed, thus these are not susceptible to being
overwritten.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>

Diffstat (limited to 'fs/nfs/super.c')
-rw-r--r-- | fs/nfs/super.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/nfs/super.c b/fs/nfs/super.c index 0d1bc61d0b6..22c49c02897 100644 --- a/fs/nfs/super.c +++ b/fs/nfs/super.c @@ -1006,12 +1006,14 @@ static int nfs_parse_mount_options(char *raw, string = match_strdup(args); if (string == NULL) goto out_nomem; + kfree(mnt->client_address); mnt->client_address = string; break; case Opt_mounthost: string = match_strdup(args); if (string == NULL) goto out_nomem; + kfree(mnt->mount_server.hostname); mnt->mount_server.hostname = string; break; case Opt_mountaddr: |
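
Review bot: The two added kfree() calls, just before "mnt->client_address = string;" and "mnt->mount_server.hostname = string;", are only safe if each field is either NULL or a pointer previously returned by match_strdup() when the parser first reaches it, and nothing in this hunk shows how the structure is initialized. Please confirm that every caller of nfs_parse_mount_options() hands in a structure with these two fields zeroed and that neither is ever pointed at a static default or a caller-owned buffer; otherwise the first occurrence of the option frees memory the parser does not own. kfree(NULL) is a no-op, so the zero-initialized case needs no guard. A one-line comment at each site saying that a repeated option replaces the earlier value would also document why the free is there, and the same reasoning should be recorded next to any string-valued option added to this switch later, since the "only two pointers" conclusion in the commit message rests on the current set of cases.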