* Q: cifs, freeing volume_info->UNCip
@ 2011-08-15 23:22 J. R. Okajima
2011-08-18 1:29 ` Jeff Layton
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: J. R. Okajima @ 2011-08-15 23:22 UTC (permalink / raw)
To: smfrench, linux-cifs; +Cc: linux-kernel, kirk w
Hello,
CIFS cleanup_volume_info_contents() looks like having a memory
corruption problem.
When UNCip is set to "&vol->UNC[2]" in cifs_parse_mount_options(), it
should not be kfree()-ed in cleanup_volume_info_contents().
If it is correct and the code in mainline is not fixed yet, then here is
a patch.
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index ccc1afa..e0ea721 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -2838,7 +2838,8 @@ cleanup_volume_info_contents(struct smb_vol *volume_info)
kfree(volume_info->username);
kzfree(volume_info->password);
kfree(volume_info->UNC);
- kfree(volume_info->UNCip);
+ if (volume_info->UNCip != volume_info->UNC + 2)
+ kfree(volume_info->UNCip);
kfree(volume_info->domainname);
kfree(volume_info->iocharset);
kfree(volume_info->prepath);
J. R. Okajima
^ permalink raw reply related [flat|nested] 4+ messages in thread* Re: Q: cifs, freeing volume_info->UNCip
2011-08-15 23:22 Q: cifs, freeing volume_info->UNCip J. R. Okajima
@ 2011-08-18 1:29 ` Jeff Layton
2011-08-18 10:42 ` Jeff Layton
2011-08-18 16:55 ` Steve French
2 siblings, 0 replies; 4+ messages in thread
From: Jeff Layton @ 2011-08-18 1:29 UTC (permalink / raw)
To: J. R. Okajima; +Cc: smfrench, linux-cifs, linux-kernel, kirk w
On Tue, 16 Aug 2011 08:22:17 +0900
"J. R. Okajima" <hooanon05@yahoo.co.jp> wrote:
>
> Hello,
>
> CIFS cleanup_volume_info_contents() looks like having a memory
> corruption problem.
> When UNCip is set to "&vol->UNC[2]" in cifs_parse_mount_options(), it
> should not be kfree()-ed in cleanup_volume_info_contents().
>
> If it is correct and the code in mainline is not fixed yet, then here is
> a patch.
>
> diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
> index ccc1afa..e0ea721 100644
> --- a/fs/cifs/connect.c
> +++ b/fs/cifs/connect.c
> @@ -2838,7 +2838,8 @@ cleanup_volume_info_contents(struct smb_vol *volume_info)
> kfree(volume_info->username);
> kzfree(volume_info->password);
> kfree(volume_info->UNC);
> - kfree(volume_info->UNCip);
> + if (volume_info->UNCip != volume_info->UNC + 2)
> + kfree(volume_info->UNCip);
> kfree(volume_info->domainname);
> kfree(volume_info->iocharset);
> kfree(volume_info->prepath);
>
>
Looks correct, nice catch.
Reviewed-by: Jeff Layton <jlayton@redhat.com>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Q: cifs, freeing volume_info->UNCip
2011-08-15 23:22 Q: cifs, freeing volume_info->UNCip J. R. Okajima
2011-08-18 1:29 ` Jeff Layton
@ 2011-08-18 10:42 ` Jeff Layton
2011-08-18 16:55 ` Steve French
2 siblings, 0 replies; 4+ messages in thread
From: Jeff Layton @ 2011-08-18 10:42 UTC (permalink / raw)
To: J. R. Okajima; +Cc: smfrench, linux-cifs, linux-kernel, kirk w
On Tue, 16 Aug 2011 08:22:17 +0900
"J. R. Okajima" <hooanon05@yahoo.co.jp> wrote:
>
> Hello,
>
> CIFS cleanup_volume_info_contents() looks like having a memory
> corruption problem.
> When UNCip is set to "&vol->UNC[2]" in cifs_parse_mount_options(), it
> should not be kfree()-ed in cleanup_volume_info_contents().
>
> If it is correct and the code in mainline is not fixed yet, then here is
> a patch.
>
> diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
> index ccc1afa..e0ea721 100644
> --- a/fs/cifs/connect.c
> +++ b/fs/cifs/connect.c
> @@ -2838,7 +2838,8 @@ cleanup_volume_info_contents(struct smb_vol *volume_info)
> kfree(volume_info->username);
> kzfree(volume_info->password);
> kfree(volume_info->UNC);
> - kfree(volume_info->UNCip);
> + if (volume_info->UNCip != volume_info->UNC + 2)
> + kfree(volume_info->UNCip);
> kfree(volume_info->domainname);
> kfree(volume_info->iocharset);
> kfree(volume_info->prepath);
>
>
Also, this patch should obviously go to stable too.
--
Jeff Layton <jlayton@redhat.com>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Q: cifs, freeing volume_info->UNCip
2011-08-15 23:22 Q: cifs, freeing volume_info->UNCip J. R. Okajima
2011-08-18 1:29 ` Jeff Layton
2011-08-18 10:42 ` Jeff Layton
@ 2011-08-18 16:55 ` Steve French
2 siblings, 0 replies; 4+ messages in thread
From: Steve French @ 2011-08-18 16:55 UTC (permalink / raw)
To: J. R. Okajima; +Cc: linux-cifs, linux-kernel, kirk w
merged
On Mon, Aug 15, 2011 at 6:22 PM, J. R. Okajima <hooanon05@yahoo.co.jp> wrote:
>
> Hello,
>
> CIFS cleanup_volume_info_contents() looks like having a memory
> corruption problem.
> When UNCip is set to "&vol->UNC[2]" in cifs_parse_mount_options(), it
> should not be kfree()-ed in cleanup_volume_info_contents().
>
> If it is correct and the code in mainline is not fixed yet, then here is
> a patch.
>
> diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
> index ccc1afa..e0ea721 100644
> --- a/fs/cifs/connect.c
> +++ b/fs/cifs/connect.c
> @@ -2838,7 +2838,8 @@ cleanup_volume_info_contents(struct smb_vol *volume_info)
> kfree(volume_info->username);
> kzfree(volume_info->password);
> kfree(volume_info->UNC);
> - kfree(volume_info->UNCip);
> + if (volume_info->UNCip != volume_info->UNC + 2)
> + kfree(volume_info->UNCip);
> kfree(volume_info->domainname);
> kfree(volume_info->iocharset);
> kfree(volume_info->prepath);
>
>
> J. R. Okajima
>
--
Thanks,
Steve
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2011-08-18 16:55 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-08-15 23:22 Q: cifs, freeing volume_info->UNCip J. R. Okajima
2011-08-18 1:29 ` Jeff Layton
2011-08-18 10:42 ` Jeff Layton
2011-08-18 16:55 ` Steve French
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox