public inbox for linux-kernel@vger.kernel.org
From: Jeff Layton <jlayton@redhat.com>
To: "J. R. Okajima" <hooanon05@yahoo.co.jp>
Cc: smfrench@gmail.com, linux-cifs@vger.kernel.org,
	linux-kernel@vger.kernel.org, kirk w <kirkpuppy@yahoo.com>
Subject: Re: Q: cifs, freeing volume_info->UNCip
Date: Wed, 17 Aug 2011 21:29:04 -0400
Message-ID: <20110817212904.45b79409@corrin.poochiereds.net>
In-Reply-To: <7087.1313450537@jrobl>

On Tue, 16 Aug 2011 08:22:17 +0900
"J. R. Okajima" <hooanon05@yahoo.co.jp> wrote:

> 
> Hello,
> 
> CIFS cleanup_volume_info_contents() looks like it has a memory
> corruption problem.
> When UNCip is set to "&vol->UNC[2]" in cifs_parse_mount_options(), it
> should not be kfree()-ed in cleanup_volume_info_contents().
> 
> If it is correct and the code in mainline is not fixed yet, then here is
> a patch.
> 
> diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
> index ccc1afa..e0ea721 100644
> --- a/fs/cifs/connect.c
> +++ b/fs/cifs/connect.c
> @@ -2838,7 +2838,8 @@ cleanup_volume_info_contents(struct smb_vol *volume_info)
>  	kfree(volume_info->username);
>  	kzfree(volume_info->password);
>  	kfree(volume_info->UNC);
> -	kfree(volume_info->UNCip);
> +	if (volume_info->UNCip != volume_info->UNC + 2)
> +		kfree(volume_info->UNCip);
>  	kfree(volume_info->domainname);
>  	kfree(volume_info->iocharset);
>  	kfree(volume_info->prepath);
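
Review bot: the new "UNCip != UNC + 2" test in cleanup_volume_info_contents() hard-codes the offset that cifs_parse_mount_options() uses when it points UNCip at &vol->UNC[2], and nothing in the hunk documents that coupling. Add a comment above the if naming the parser as the source of the alias, or have the parser duplicate the address string so this function can keep an unconditional kfree(). The comparison also reads volume_info->UNC one line after kfree(volume_info->UNC); only the pointer value is used, but moving the UNCip check above that kfree() would make the ordering obviously safe.
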
> 
> 

Looks correct, nice catch. 

Reviewed-by: Jeff Layton <jlayton@redhat.com>
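
The ownership problem discussed in this thread, modelled in userspace C as an added example (not code from the thread or from fs/cifs/connect.c). The names vol_model, dup_str, parse_model and cleanup_model are hypothetical, and the rule that UNCip aliases UNC only when no separate address is supplied is an assumption.

```c
/* Userspace model, constructed for illustration; not fs/cifs/connect.c. */
#include <stdlib.h>
#include <string.h>

struct vol_model {   /* hypothetical stand-in for struct smb_vol */
	char *UNC;   /* heap allocation, e.g. "//192.0.2.10/share" */
	char *UNCip; /* own allocation, or &UNC[2] (interior pointer) */
};

static char *dup_str(const char *s)
{
	size_t n = strlen(s) + 1;
	char *p = malloc(n);
	return p ? memcpy(p, s, n) : NULL;
}

/* Assumed parser behaviour: without an explicit ip, UNCip aliases UNC. */
static int parse_model(struct vol_model *v, const char *unc, const char *ip)
{
	v->UNC = dup_str(unc);
	v->UNCip = ip ? dup_str(ip) : NULL;
	if (!v->UNC || (ip && !v->UNCip)) {
		free(v->UNC);
		free(v->UNCip);
		v->UNC = v->UNCip = NULL;
		return -1;
	}
	if (!ip)
		v->UNCip = &v->UNC[2]; /* must never be handed to free() */
	return 0;
}

/* Frees what the struct owns; returns the number of allocations released. */
static int cleanup_model(struct vol_model *v)
{
	/* Decide ownership while UNC is still a live pointer. */
	int aliased = v->UNC && v->UNCip == v->UNC + 2;
	int freed = 0;
	if (v->UNCip && !aliased) { free(v->UNCip); freed++; }
	if (v->UNC) { free(v->UNC); freed++; }
	v->UNC = v->UNCip = NULL;
	return freed;
}

int main(void)
{
	struct vol_model v;
	return parse_model(&v, "//192.0.2.10/share", NULL) ? 1 : cleanup_model(&v) != 1;
}
```

Running the model under a memory checker such as valgrind or AddressSanitizer confirms that the aliased case releases exactly one allocation and never passes the interior pointer to free().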
