Commit 962a991c authored May 23, 2019 by Bharath Vedartham Committed by Dominique Martinet Sep 03, 2019

9p/cache.c: Fix memory leak in v9fs_cache_session_get_cookie

v9fs_cache_session_get_cookie assigns a random cachetag to v9ses->cachetag,
if the cachetag is not assigned previously.

v9fs_random_cachetag allocates memory to v9ses->cachetag with kmalloc and uses
scnprintf to fill it up with a cachetag.

But if scnprintf fails, v9ses->cachetag is not freed in the current
code causing a memory leak.

Fix this by freeing v9ses->cachetag it v9fs_random_cachetag fails.

This was reported by syzbot, the link to the report is below:
https://syzkaller.appspot.com/bug?id=f012bdf297a7a4c860c38a88b44fbee43fd9bbf3

Link: http://lkml.kernel.org/r/20190522194519.GA5313@bharath12345-Inspiron-5559

Reported-by: <syzbot+3a030a73b6c1e9833815@syzkaller.appspotmail.com>
Signed-off-by: Bharath Vedartham <linux.bhar@gmail.com>
Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>

parent 0ce772fe

fs/9p/cache.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -51,6 +51,8 @@ void v9fs_cache_session_get_cookie(struct v9fs_session_info *v9ses)
		if (!v9ses->cachetag) {
		if (v9fs_random_cachetag(v9ses) < 0) {
		v9ses->fscache = NULL;
		kfree(v9ses->cachetag);
		v9ses->cachetag = NULL;
		return;
		}
		}