linux/fs/nfsd
Kinglong Mee a1f05514b0 NFS4: Avoid NULL reference or double free in nfsd4_fslocs_free()
If fsloc_parse() failed at kzalloc(), fs/nfsd/export.c
 411
 412         fsloc->locations = kzalloc(fsloc->locations_count
 413                         * sizeof(struct nfsd4_fs_location), GFP_KERNEL);
 414         if (!fsloc->locations)
 415                 return -ENOMEM;

svc_export_parse() will call nfsd4_fslocs_free() with fsloc->locations = NULL,
so that "kfree(fsloc->locations[i].path);" will cause a crash.

If fsloc_parse() failed after that, fsloc_parse() will call nfsd4_fslocs_free(),
and svc_export_parse() will call it again, so that a double free is caused.

This patch checks fsloc->locations, and sets it to NULL after it is freed.

Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-05-30 17:32:18 -04:00
acl.h nfsd4: use xdr_reserve_space in attribute encoding 2014-05-28 14:52:34 -04:00
auth.c kernel/groups.c: remove return value of set_groups 2014-04-03 16:21:05 -07:00
auth.h nfsd: Remove nfsd_luid, nfsd_lgid, nfsd_ruid and nfsd_rgid 2013-02-13 06:15:51 -08:00
cache.h nfsd: get rid of unused function definition 2014-01-02 17:53:23 -05:00
current_stateid.h nfsd41: use current stateid by value 2012-02-15 11:20:45 -05:00
export.c NFS4: Avoid NULL reference or double free in nfsd4_fslocs_free() 2014-05-30 17:32:18 -04:00
export.h nfsd: move <linux/nfsd/export.h> to fs/nfsd 2014-05-06 17:54:54 -04:00
fault_inject.c NFSD: Use simple_read_from_buffer for coping data to userspace 2014-05-08 14:59:52 -04:00
idmap.h nfsd4: use xdr_reserve_space in attribute encoding 2014-05-28 14:52:34 -04:00
Kconfig nfsd: fix Kconfig syntax 2013-10-26 15:37:26 -04:00
lockd.c nfsd: Remove deprecated nfsctl system call and related code. 2011-07-15 18:58:42 -04:00
Makefile NFSD: Added fault injection 2011-11-07 21:10:47 -05:00
netns.h NFSD: Don't start lockd when only NFSv4 is running 2014-01-03 18:18:50 -05:00
nfs2acl.c nfsd: Remove assignments inside conditions 2014-05-22 15:52:23 -04:00
nfs3acl.c nfsd: Remove assignments inside conditions 2014-05-22 15:52:23 -04:00
nfs3proc.c switch vfs_getattr() to struct path 2013-02-26 02:46:08 -05:00
nfs3xdr.c nfsd: Remove assignments inside conditions 2014-05-22 15:52:23 -04:00
nfs4acl.c nfsd4: use xdr_reserve_space in attribute encoding 2014-05-28 14:52:34 -04:00
nfs4callback.c nfsd: set timeparms.to_maxval in setup_callback_client 2014-04-18 14:34:31 +02:00
nfs4idmap.c nfsd4: use xdr_reserve_space in attribute encoding 2014-05-28 14:52:34 -04:00
nfs4proc.c nfsd4: better reservation of head space for krb5 2014-05-30 17:32:17 -04:00
nfs4recover.c nfsd: switch to %p[dD] 2013-10-24 23:34:51 -04:00
nfs4state.c nfsd4: better reservation of head space for krb5 2014-05-30 17:32:17 -04:00
nfs4xdr.c nfsd4: better reservation of head space for krb5 2014-05-30 17:32:17 -04:00
nfscache.c nfsd: don't try to reuse an expired DRC entry off the list 2013-12-11 11:27:04 -05:00
nfsctl.c NFSD: Get rid of empty function nfs4_state_init 2014-05-08 14:59:52 -04:00
nfsd.h NFSD: Get rid of empty function nfs4_state_init 2014-05-08 14:59:52 -04:00
nfsfh.c nfsd: clean up fh_auth usage 2014-05-08 12:43:03 -04:00
nfsfh.h nfsd: remove <linux/nfsd/nfsfh.h> 2014-05-06 17:54:53 -04:00
nfsproc.c switch vfs_getattr() to struct path 2013-02-26 02:46:08 -05:00
nfssvc.c nfsd: Only set PF_LESS_THROTTLE when really needed. 2014-05-22 15:59:19 -04:00
nfsxdr.c nfsd: Remove assignments inside conditions 2014-05-22 15:52:23 -04:00
state.h nfsd4: allow larger 4.1 session drc slots 2014-05-23 09:03:41 -04:00
stats.c nfsd: move <linux/nfsd/stats.h> to fs/nfsd 2014-05-06 17:54:55 -04:00
stats.h nfsd: move <linux/nfsd/stats.h> to fs/nfsd 2014-05-06 17:54:55 -04:00
vfs.c nfsd4: separate splice and readv cases 2014-05-30 17:32:09 -04:00
vfs.h nfsd4: separate splice and readv cases 2014-05-30 17:32:09 -04:00
xdr3.h nfsd: fix encode_entryplus_baggage stack usage 2014-01-23 13:50:27 -05:00
xdr4.h nfsd4: allow large readdirs 2014-05-30 17:32:03 -04:00
xdr4cb.h nfsd4: check backchannel attributes on create_session 2013-04-09 16:53:56 -04:00
xdr.h nfsd: handle vfs_getattr errors in acl protocol 2013-02-26 02:46:09 -05:00