46 lines
1.5 KiB
Diff
46 lines
1.5 KiB
Diff
From aedf77d56472d1fddf050c61c1017d4f51149fb1 Mon Sep 17 00:00:00 2001
|
|
From: Cong Wang <xiyou.wangcong@gmail.com>
|
|
Date: Tue, 13 Dec 2016 10:33:34 -0800
|
|
Subject: [PATCH] FROMLIST: 9p: fix a potential acl leak
|
|
|
|
(https://lkml.org/lkml/2016/12/13/579)
|
|
|
|
posix_acl_update_mode() could possibly clear 'acl', if so
|
|
we leak the memory pointed by 'acl'. Save this pointer
|
|
before calling posix_acl_update_mode() and release the memory
|
|
if 'acl' really gets cleared.
|
|
|
|
Reported-by: Mark Salyzyn <salyzyn@android.com>
|
|
Reviewed-by: Jan Kara <jack@suse.cz>
|
|
Reviewed-by: Greg Kurz <groug@kaod.org>
|
|
Cc: Eric Van Hensbergen <ericvh@gmail.com>
|
|
Cc: Ron Minnich <rminnich@sandia.gov>
|
|
Cc: Latchesar Ionkov <lucho@ionkov.net>
|
|
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
|
|
Bug: 32458736
|
|
Change-Id: Ia78da401e6fd1bfd569653bd2cd0ebd3f9c737a0
|
|
---
|
|
fs/9p/acl.c | 2 ++
|
|
1 file changed, 2 insertions(+)
|
|
|
|
diff --git a/fs/9p/acl.c b/fs/9p/acl.c
|
|
index 9686c1f17653f..c19a66472d2eb 100644
|
|
--- a/fs/9p/acl.c
|
|
+++ b/fs/9p/acl.c
|
|
@@ -321,6 +321,7 @@ static int v9fs_xattr_set_acl(struct dentry *dentry, const char *name,
|
|
name = POSIX_ACL_XATTR_ACCESS;
|
|
if (acl) {
|
|
struct iattr iattr;
|
|
+ struct posix_acl *old_acl = acl;
|
|
|
|
retval = posix_acl_update_mode(inode, &iattr.ia_mode, &acl);
|
|
if (retval)
|
|
@@ -331,6 +332,7 @@ static int v9fs_xattr_set_acl(struct dentry *dentry, const char *name,
|
|
* by the mode bits. So don't
|
|
* update ACL.
|
|
*/
|
|
+ posix_acl_release(old_acl);
|
|
value = NULL;
|
|
size = 0;
|
|
}
|