Commit bea6f1c7 authored Dec 13, 2016 by Cong Wang Committed by Dennis Cagle Apr 21, 2017

FROMLIST: 9p: fix a potential acl leak

(https://lkml.org/lkml/2016/12/13/579

)

posix_acl_update_mode() could possibly clear 'acl', if so
we leak the memory pointed by 'acl'. Save this pointer
before calling posix_acl_update_mode() and release the memory
if 'acl' really gets cleared.

Reported-by: Mark Salyzyn <salyzyn@android.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Greg Kurz <groug@kaod.org>
Cc: Eric Van Hensbergen <ericvh@gmail.com>
Cc: Ron Minnich <rminnich@sandia.gov>
Cc: Latchesar Ionkov <lucho@ionkov.net>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Bug: 32458736
Change-Id: Ia78da401e6fd1bfd569653bd2cd0ebd3f9c737a0
Git-repo: https://android.googlesource.com/kernel/msm/


Git-commit: 7c780387c931f63fe67830c817f65c1272512bb1
Signed-off-by: Dennis Cagle <d-cagle@codeaurora.org>

parent 74efdfc1

fs/9p/acl.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -283,6 +283,7 @@ static int v9fs_xattr_set_acl(const struct xattr_handler *handler,
		case ACL_TYPE_ACCESS:
		if (acl) {
		struct iattr iattr;
		struct posix_acl *old_acl = acl;

		retval = posix_acl_update_mode(inode, &iattr.ia_mode, &acl);
		if (retval)
		@@ -293,6 +294,7 @@ static int v9fs_xattr_set_acl(const struct xattr_handler *handler,
		* by the mode bits. So don't
		* update ACL.
		*/
		posix_acl_release(old_acl);
		value = NULL;
		size = 0;
		}