Commit 9d94109c authored by Andreas Gruenbacher's avatar Andreas Gruenbacher Committed by Kleber Sacilotto de Souza

nfs: Fix potential posix_acl refcnt leak in nfs3_set_acl

BugLink: https://bugs.launchpad.net/bugs/1878246

commit 7648f939 upstream.

nfs3_set_acl keeps track of the acl it allocated locally to determine if an acl
needs to be released at the end.  This results in a memory leak when the
function allocates an acl as well as a default acl.  Fix by releasing acls
that differ from the acl originally passed into nfs3_set_acl.

Fixes: b7fa0554 ("[PATCH] NFS: Add support for NFSv3 ACLs")
Reported-by: default avatarXiyu Yang <xiyuyang19@fudan.edu.cn>
Signed-off-by: default avatarAndreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: default avatarTrond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarIan May <ian.may@canonical.com>
Signed-off-by: default avatarKleber Sacilotto de Souza <kleber.souza@canonical.com>
parent a782e309
...@@ -213,37 +213,45 @@ int nfs3_proc_setacls(struct inode *inode, struct posix_acl *acl, ...@@ -213,37 +213,45 @@ int nfs3_proc_setacls(struct inode *inode, struct posix_acl *acl,
int nfs3_set_acl(struct inode *inode, struct posix_acl *acl, int type) int nfs3_set_acl(struct inode *inode, struct posix_acl *acl, int type)
{ {
struct posix_acl *alloc = NULL, *dfacl = NULL; struct posix_acl *orig = acl, *dfacl = NULL, *alloc;
int status; int status;
if (S_ISDIR(inode->i_mode)) { if (S_ISDIR(inode->i_mode)) {
switch(type) { switch(type) {
case ACL_TYPE_ACCESS: case ACL_TYPE_ACCESS:
alloc = dfacl = get_acl(inode, ACL_TYPE_DEFAULT); alloc = get_acl(inode, ACL_TYPE_DEFAULT);
if (IS_ERR(alloc)) if (IS_ERR(alloc))
goto fail; goto fail;
dfacl = alloc;
break; break;
case ACL_TYPE_DEFAULT: case ACL_TYPE_DEFAULT:
dfacl = acl; alloc = get_acl(inode, ACL_TYPE_ACCESS);
alloc = acl = get_acl(inode, ACL_TYPE_ACCESS);
if (IS_ERR(alloc)) if (IS_ERR(alloc))
goto fail; goto fail;
dfacl = acl;
acl = alloc;
break; break;
} }
} }
if (acl == NULL) { if (acl == NULL) {
alloc = acl = posix_acl_from_mode(inode->i_mode, GFP_KERNEL); alloc = posix_acl_from_mode(inode->i_mode, GFP_KERNEL);
if (IS_ERR(alloc)) if (IS_ERR(alloc))
goto fail; goto fail;
acl = alloc;
} }
status = __nfs3_proc_setacls(inode, acl, dfacl); status = __nfs3_proc_setacls(inode, acl, dfacl);
posix_acl_release(alloc); out:
if (acl != orig)
posix_acl_release(acl);
if (dfacl != orig)
posix_acl_release(dfacl);
return status; return status;
fail: fail:
return PTR_ERR(alloc); status = PTR_ERR(alloc);
goto out;
} }
const struct xattr_handler *nfs3_xattr_handlers[] = { const struct xattr_handler *nfs3_xattr_handlers[] = {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment