4cb6829647
There's a memory leak in afs_parse_source() whereby multiple source=
parameters overwrite fc->source in the fs_context struct without freeing
the previously recorded source.
Fix this by only permitting a single source parameter and rejecting with
an error all subsequent ones.
This was caught by syzbot with the kernel memory leak detector, showing
something like the following trace:
unreferenced object 0xffff888114375440 (size 32):
comm "repro", pid 5168, jiffies 4294923723 (age 569.948s)
backtrace:
slab_post_alloc_hook+0x42/0x79
__kmalloc_track_caller+0x125/0x16a
kmemdup_nul+0x24/0x3c
vfs_parse_fs_string+0x5a/0xa1
generic_parse_monolithic+0x9d/0xc5
do_new_mount+0x10d/0x15a
do_mount+0x5f/0x8e
__do_sys_mount+0xff/0x127
do_syscall_64+0x2d/0x3a
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Fixes:
|
||
---|---|---|
.. | ||
addr_list.c | ||
afs_cm.h | ||
afs_fs.h | ||
afs_vl.h | ||
afs.h | ||
cache.c | ||
callback.c | ||
cell.c | ||
cmservice.c | ||
dir_edit.c | ||
dir_silly.c | ||
dir.c | ||
dynroot.c | ||
file.c | ||
flock.c | ||
fs_operation.c | ||
fs_probe.c | ||
fsclient.c | ||
inode.c | ||
internal.h | ||
Kconfig | ||
main.c | ||
Makefile | ||
misc.c | ||
mntpt.c | ||
proc.c | ||
protocol_uae.h | ||
protocol_yfs.h | ||
rotate.c | ||
rxrpc.c | ||
security.c | ||
server_list.c | ||
server.c | ||
super.c | ||
vl_alias.c | ||
vl_list.c | ||
vl_probe.c | ||
vl_rotate.c | ||
vlclient.c | ||
volume.c | ||
write.c | ||
xattr.c | ||
xdr_fs.h | ||
yfsclient.c |