Message ID | 1481654014-5563-1-git-send-email-xiyou.wangcong@gmail.com (mailing list archive) |
---|---|
State | Superseded, archived |
Headers | show |
On Tue, 13 Dec 2016 10:33:34 -0800 Cong Wang <xiyou.wangcong@gmail.com> wrote: > posix_acl_update_mode() could possibly clear 'acl', if so > we leak the memory pointed by 'acl'. Save this pointer > before calling posix_acl_update_mode() and release the memory > if 'acl' really gets cleared. > > Reported-by: Mark Salyzyn <salyzyn@android.com> > Reviewed-by: Jan Kara <jack@suse.cz> > Cc: Eric Van Hensbergen <ericvh@gmail.com> > Cc: Ron Minnich <rminnich@sandia.gov> > Cc: Latchesar Ionkov <lucho@ionkov.net> > Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com> > --- Reviewed-by: Greg Kurz <groug@kaod.org> > fs/9p/acl.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/fs/9p/acl.c b/fs/9p/acl.c > index b3c2cc7..082d227 100644 > --- a/fs/9p/acl.c > +++ b/fs/9p/acl.c > @@ -277,6 +277,7 @@ static int v9fs_xattr_set_acl(const struct xattr_handler *handler, > case ACL_TYPE_ACCESS: > if (acl) { > struct iattr iattr; > + struct posix_acl *old_acl = acl; > > retval = posix_acl_update_mode(inode, &iattr.ia_mode, &acl); > if (retval) > @@ -287,6 +288,7 @@ static int v9fs_xattr_set_acl(const struct xattr_handler *handler, > * by the mode bits. So don't > * update ACL. > */ > + posix_acl_release(old_acl); > value = NULL; > size = 0; > } ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
diff --git a/fs/9p/acl.c b/fs/9p/acl.c index b3c2cc7..082d227 100644 --- a/fs/9p/acl.c +++ b/fs/9p/acl.c @@ -277,6 +277,7 @@ static int v9fs_xattr_set_acl(const struct xattr_handler *handler, case ACL_TYPE_ACCESS: if (acl) { struct iattr iattr; + struct posix_acl *old_acl = acl; retval = posix_acl_update_mode(inode, &iattr.ia_mode, &acl); if (retval) @@ -287,6 +288,7 @@ static int v9fs_xattr_set_acl(const struct xattr_handler *handler, * by the mode bits. So don't * update ACL. */ + posix_acl_release(old_acl); value = NULL; size = 0; }