tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

CacheFiles: Fix memory leak in cachefiles_check_auxdata error paths

In cachefiles_check_auxdata(), we allocate auxbuf but fail to free it if
we determine there's an error or that the data is stale.

Further, assigning the output of vfs_getxattr() to auxbuf->len gives
problems with checking for errors as auxbuf->len is a u16. We don't
actually need to set auxbuf->len, so keep the length in a variable for
now. We shouldn't need to check the upper limit of the buffer as an
overflow there should be indicated by -ERANGE.

While we're at it, fscache_check_aux() returns an enum value, not an
int, so assign it to an appropriately typed variable rather than to ret.

Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Hongyi Jia <jiayisuse@gmail.com>
cc: Milosz Tanski <milosz@adfin.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

authored by

Josh Boyer and committed by
Linus Torvalds 607566ae 8f4c3446

+15 -14
+15 -14
fs/cachefiles/xattr.c
··· 162 162 int cachefiles_check_auxdata(struct cachefiles_object *object) 163 163 { 164 164 struct cachefiles_xattr *auxbuf; 165 + enum fscache_checkaux validity; 165 166 struct dentry *dentry = object->dentry; 166 - unsigned int dlen; 167 + ssize_t xlen; 167 168 int ret; 168 169 169 170 ASSERT(dentry); ··· 175 174 if (!auxbuf) 176 175 return -ENOMEM; 177 176 178 - auxbuf->len = vfs_getxattr(dentry, cachefiles_xattr_cache, 179 - &auxbuf->type, 512 + 1); 180 - if (auxbuf->len < 1) 181 - return -ESTALE; 177 + xlen = vfs_getxattr(dentry, cachefiles_xattr_cache, 178 + &auxbuf->type, 512 + 1); 179 + ret = -ESTALE; 180 + if (xlen < 1 || 181 + auxbuf->type != object->fscache.cookie->def->type) 182 + goto error; 182 183 183 - if (auxbuf->type != object->fscache.cookie->def->type) 184 - return -ESTALE; 184 + xlen--; 185 + validity = fscache_check_aux(&object->fscache, &auxbuf->data, xlen); 186 + if (validity != FSCACHE_CHECKAUX_OKAY) 187 + goto error; 185 188 186 - dlen = auxbuf->len - 1; 187 - ret = fscache_check_aux(&object->fscache, &auxbuf->data, dlen); 188 - 189 + ret = 0; 190 + error: 189 191 kfree(auxbuf); 190 - if (ret != FSCACHE_CHECKAUX_OKAY) 191 - return -ESTALE; 192 - 193 - return 0; 192 + return ret; 194 193 } 195 194 196 195 /*