Received: by 2002:a25:86ce:0:0:0:0:0 with SMTP id y14csp833770ybm; Wed, 22 May 2019 12:18:24 -0700 (PDT) X-Google-Smtp-Source: APXvYqwYu6a4ZoTKYXle5s9ldwmmyqAX6KXiUNoF1pfI4xz8GiM8d7W+3Q8QuiZXH61N4pmyLRuL X-Received: by 2002:a63:a1a:: with SMTP id 26mr91493457pgk.11.1558552704327; Wed, 22 May 2019 12:18:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1558552704; cv=none; d=google.com; s=arc-20160816; b=WUzV1rMaGSbrKbs3ShSwT+hhewbuwQKRcQIvMOj+FbGqd6R6vvIe68sLjnXk4C0TAn VtZkbOiZnOFq5OfOhaq53byTjkHv9mVtLsIBpdmFFtoA7R4hx1Gis5SE/0taIXeKrIZ0 OEqby+k5UXzUpBG3Ncdion30h9+aXQDhNZCycYrCDg/GA/6kqZ4HVLxAPcXiPsai8BYf McpuVgR2PvMRWq5Oq0NeagvP9lrPnCTEIOu8Cc1a8kFjz5vCl73LyGo63Fa7jpCOKXYR cqXidHEpyFheodW/aEnBJj2zXtUpUu+LC4/JMUpxE67VcgzpsLIs4cTA4yilnSI/Rebv RmsA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:content-disposition :mime-version:message-id:subject:cc:to:from:date:dkim-signature; bh=xjRRu/ivm7yiZ1o3qLhgJ4zcxl0tGsUkhCktbB4oPNk=; b=Hpq0/hbQYJfzOYe62bV/8d24xhFEB//iDCCD0o0PBKxQlbjwD3vMc5xT3i3YebOqLV dlO6m4XY5TBfJIuU8gAGkRYNZ8CKRxeR08jvNVuZ7il1CwBWWbz3K/RF2t9zXCDOY034 07FRUTWUCNwFVeMvTHSjL+P9rttsfj8siDMy1yfnFLjbzkMJBmNypWoHxNHiXDbe6Hzu Ao/gQ0pkq1JbBePP0yJtJ09m31jqtMN8a/PeTHeJNr6tncJmtuNOky+AQBqymAAI6SaO OWRG93e51Me9Y0o2ETTAK0yn9o4NPQVfgt+5vi4Bmp609Xu0sBsQzTH5FfHe5EtQwnDN 6e+A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=kmr3ha07; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b3si9754166pgw.444.2019.05.22.12.18.07; Wed, 22 May 2019 12:18:24 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=kmr3ha07; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729640AbfEVTRB (ORCPT + 99 others); Wed, 22 May 2019 15:17:01 -0400 Received: from mail-pl1-f194.google.com ([209.85.214.194]:37959 "EHLO mail-pl1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729003AbfEVTRB (ORCPT ); Wed, 22 May 2019 15:17:01 -0400 Received: by mail-pl1-f194.google.com with SMTP id f97so1527821plb.5 for ; Wed, 22 May 2019 12:17:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:mime-version:content-disposition :user-agent; bh=xjRRu/ivm7yiZ1o3qLhgJ4zcxl0tGsUkhCktbB4oPNk=; b=kmr3ha07KpLkWeRssggZMzNfIFypCwymg1J4nTFghrFy8RSWvb3aiGxfhwvabLkGM+ U1zIRTCWWooqE6joJmhCmD9bcMLrg4tJ3Feh87C6AYzeItu0W+3nJFE59XHF/M+mk/Ff s6zQOjHxfMsMPrYqQmVzLCH5g0jfXAX3IfYnQfMWZeHWM3rNVJfh3UnMb5ump5GBBLJS jRUbPqFdOYrutU6esuhD6YokgysymCKp9gN/2lXVmMr6Ea2T4e9+wQIoh8pd9mxhEZcB 2Pgnr2z/Cq5ZbP7cmsoDiY4RFV4NTDqjgV8u35XKsria13ZFThv0oDq6Q80bkJl8M8Iv o4zA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version :content-disposition:user-agent; bh=xjRRu/ivm7yiZ1o3qLhgJ4zcxl0tGsUkhCktbB4oPNk=; b=X4RmeNFQxyYEX1cd2+mg+QInm7ct8h7mcIht467CuBEAynIoyeMBghAseRix+b0nat 1UfpuWRVT9UlkMb3i1IWpcE/lo04kWr7x1WC5dj60kb6KT9qQbQRzJYUNEEPwdG+J08k x6dX/gOsXkke/s51XoxySvhEZ+qJt8sNv+myRLGa4cftCU7zKJL8A8QVcQm8Qsc35VNZ lacG8ubjicO45xT6dkkh8YsHKeLPvGxC8l79T/Q3kaOyJ924iPyiWG74P4HSDSjT2q6m MqT44z4QHH8/c8H14Ok079MdSVbp05xvjs8+ZWaylSmFICmiWXWb8Wxgy26MrVHS6mqr aA3A== X-Gm-Message-State: APjAAAWTTKHGTgZxJPjsbgqmc2aYjoHXPSQ+1ko0oTxH7xWWeqjZlbe0 ENKu67AWzlqim6DxdoXE6poYCbhb X-Received: by 2002:a17:902:aa97:: with SMTP id d23mr92521131plr.313.1558552620844; Wed, 22 May 2019 12:17:00 -0700 (PDT) Received: from bharath12345-Inspiron-5559 ([103.110.42.33]) by smtp.gmail.com with ESMTPSA id l68sm38347744pfb.20.2019.05.22.12.16.57 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 22 May 2019 12:17:00 -0700 (PDT) Date: Thu, 23 May 2019 00:46:55 +0530 From: Bharath Vedartham To: ericvh@gmail.com, lucho@ionkov.net, asmadeus@codewreck.org Cc: v9fs-developer@lists.sourceforge.net, linux-kernel@vger.kernel.org Subject: [PATCH] 9p/cache.c: Fix memory leak in v9fs_cache_session_get_cookie Message-ID: <20190522191655.GA4657@bharath12345-Inspiron-5559> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org v9fs_cache_session_get_cookie assigns a random cachetag to v9ses->cachetag, if the cachetag is not assigned previously. v9fs_random_cachetag allocates memory to v9ses->cachetag with kmalloc and uses scnprintf to fill it up with a cachetag. But if scnprintf fails, v9ses->cachetag is not freed in the current code causing a memory leak. Fix this by freeing v9ses->cachetag it v9fs_random_cachetag fails. This was reported by syzbot, the link to the report is below: https://syzkaller.appspot.com/bug?id=f012bdf297a7a4c860c38a88b44fbee43fd9bbf3 Reported-by: syzbot+3a030a73b6c1e9833815@syzkaller.appspotmail.com Signed-off-by: Bharath Vedartham --- fs/9p/cache.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/9p/cache.c b/fs/9p/cache.c index 9eb3470..4463b91 100644 --- a/fs/9p/cache.c +++ b/fs/9p/cache.c @@ -66,6 +66,7 @@ void v9fs_cache_session_get_cookie(struct v9fs_session_info *v9ses) if (!v9ses->cachetag) { if (v9fs_random_cachetag(v9ses) < 0) { v9ses->fscache = NULL; + kfree(v9ses->cachetag); return; } } -- 2.7.4