From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4C404364BE for ; Wed, 15 Nov 2023 20:00:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="YyYbsg8v" Received: by smtp.kernel.org (Postfix) with ESMTPSA id DCDFEC433C7; Wed, 15 Nov 2023 20:00:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1700078450; bh=RAt9kwY1LS13rjLINn3sJM/JgzQ+h8nJ03Ad8ZT4w28=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=YyYbsg8v1biGROQpt9Yj0jLOmEeH57uQavUJP+KYGsDvaE378eWNLB6XDi7drQ7cP PeGeSdx6K1RyeqToO7A3zjeilAl6ZbTIPVo6BbL9R627a0o4Aot7erjzr8/AwOJ0cO ZQ/6u76DCdaB8xGA2T1VDCVGhDWK4y4QPg7Xa1X4= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Christian Schoenebeck , Hangyu Hua , Dominique Martinet , Sasha Levin Subject: [PATCH 6.1 304/379] 9p/net: fix possible memory leak in p9_check_errors() Date: Wed, 15 Nov 2023 14:26:19 -0500 Message-ID: <20231115192703.130317711@linuxfoundation.org> X-Mailer: git-send-email 2.42.1 In-Reply-To: <20231115192645.143643130@linuxfoundation.org> References: <20231115192645.143643130@linuxfoundation.org> User-Agent: quilt/0.67 X-stable: review X-Patchwork-Hint: ignore Precedence: bulk X-Mailing-List: patches@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit 6.1-stable review patch. If anyone has any objections, please let me know. ------------------ From: Hangyu Hua [ Upstream commit ce07087964208eee2ca2f9ee4a98f8b5d9027fe6 ] When p9pdu_readf() is called with "s?d" attribute, it allocates a pointer that will store a string. But when p9pdu_readf() fails while handling "d" then this pointer will not be freed in p9_check_errors(). Fixes: 51a87c552dfd ("9p: rework client code to use new protocol support functions") Reviewed-by: Christian Schoenebeck Signed-off-by: Hangyu Hua Message-ID: <20231027030302.11927-1-hbh25y@gmail.com> Signed-off-by: Dominique Martinet Signed-off-by: Sasha Levin --- net/9p/client.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/net/9p/client.c b/net/9p/client.c index af59c3f2ec2e7..a96e127ca4883 100644 --- a/net/9p/client.c +++ b/net/9p/client.c @@ -537,12 +537,14 @@ static int p9_check_errors(struct p9_client *c, struct p9_req_t *req) return 0; if (!p9_is_proto_dotl(c)) { - char *ename; + char *ename = NULL; err = p9pdu_readf(&req->rc, c->proto_version, "s?d", &ename, &ecode); - if (err) + if (err) { + kfree(ename); goto out_err; + } if (p9_is_proto_dotu(c) && ecode < 512) err = -ecode; -- 2.42.0