From patchwork Mon Aug 15 23:22:17 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: hooanon05@yahoo.co.jp X-Patchwork-Id: 1069522
From: "J. R. Okajima"
To: smfrench@gmail.com, linux-cifs@vger.kernel.org
cc: linux-kernel@vger.kernel.org, kirk w
Subject: Q: cifs, freeing volume_info->UNCip
Date: Tue, 16 Aug 2011 08:22:17 +0900
Message-ID: <7087.1313450537@jrobl>

Hello,

CIFS cleanup_volume_info_contents() looks like it has a memory corruption problem.
When UNCip is set to "&vol->UNC[2]" in cifs_parse_mount_options(), it should not be kfree()-ed in cleanup_volume_info_contents().

If it is correct and the code in mainline is not fixed yet, then here is a patch.

J. R. Okajima

Reviewed-by: Jeff Layton
---
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index ccc1afa..e0ea721 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -2838,7 +2838,8 @@ cleanup_volume_info_contents(struct smb_vol *volume_info) kfree(volume_info->username); kzfree(volume_info->password); kfree(volume_info->UNC); - kfree(volume_info->UNCip); + if (volume_info->UNCip != volume_info->UNC + 2) + kfree(volume_info->UNCip); kfree(volume_info->domainname); kfree(volume_info->iocharset); kfree(volume_info->prepath);
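
Review bot: The added test `if (volume_info->UNCip != volume_info->UNC + 2)` sits after `kfree(volume_info->UNC);`, so it compares against a pointer that has just been freed. Only the pointer value is read and nothing is dereferenced, but moving the two added lines above the `kfree(volume_info->UNC)` call would make that obvious to the next reader and to tools that flag any use of a freed pointer. The `+ 2` also hard-codes the `&vol->UNC[2]` assignment that the message says cifs_parse_mount_options() makes; a short comment here naming that assignment would help, because if the offset in the parser ever changes this test stops matching and kfree() is once more called on a pointer into the middle of the UNC allocation.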