From fc6014771bde8a215a9a4ea24b45f76afeb3c922 Mon Sep 17 00:00:00 2001 From: Chuck Lever Date: Wed, 16 Jan 2008 16:38:10 -0500 Subject: [PATCH] NFS: Address memory leaks in the NFS client mount option parser David Howells noticed that repeating the same mount option twice during an NFS mount request can result in orphaned memory in certain cases. Only the client_address and mount_server.hostname strings are initialized in the mount parsing loop, so those appear to be the only two pointers that might be written over by repeating a mount option. The strings in the nfs_server section of the nfs_parsed_mount_data structure are set only once after the options are parsed, thus these are not susceptible to being overwritten. Signed-off-by: Chuck Lever Signed-off-by: Trond Myklebust --- fs/nfs/super.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/nfs/super.c b/fs/nfs/super.c index 0d1bc61d0b68..22c49c02897d 100644 --- a/fs/nfs/super.c +++ b/fs/nfs/super.c @@ -1006,12 +1006,14 @@ static int nfs_parse_mount_options(char *raw, string = match_strdup(args); if (string == NULL) goto out_nomem; + kfree(mnt->client_address); mnt->client_address = string; break; case Opt_mounthost: string = match_strdup(args); if (string == NULL) goto out_nomem; + kfree(mnt->mount_server.hostname); mnt->mount_server.hostname = string; break; case Opt_mountaddr: -- 2.20.1