From 733aac9beea8b2294f14d6451fe929f2d022cd97 Mon Sep 17 00:00:00 2001
From: Paulo Alcantara <pc@cjr.nz>
Date: Fri, 12 Nov 2021 14:53:36 -0300
Subject: [PATCH] cifs: fix memory leak of smb3_fs_context_dup::server_hostname
Git-commit: 869da64d071142d4ed562a3e909deb18e4e72c4e
Patch-mainline: v5.16-rc1
References: stable-5.14.19
commit 869da64d071142d4ed562a3e909deb18e4e72c4e upstream.
Fix memory leak of smb3_fs_context_dup::server_hostname when parsing
and duplicating fs contexts during mount(2) as reported by kmemleak:
unreferenced object 0xffff888125715c90 (size 16):
comm "mount.cifs", pid 3832, jiffies 4304535868 (age 190.094s)
hex dump (first 16 bytes):
7a 65 6c 64 61 2e 74 65 73 74 00 6b 6b 6b 6b a5 zelda.test.kkkk.
backtrace:
[<ffffffff8168106e>] kstrdup+0x2e/0x60
[<ffffffffa027a362>] smb3_fs_context_dup+0x392/0x8d0 [cifs]
[<ffffffffa0136353>] cifs_smb3_do_mount+0x143/0x1700 [cifs]
[<ffffffffa02795e8>] smb3_get_tree+0x2e8/0x520 [cifs]
[<ffffffff817a19aa>] vfs_get_tree+0x8a/0x2d0
[<ffffffff8181e3e3>] path_mount+0x423/0x1a10
[<ffffffff8181fbca>] __x64_sys_mount+0x1fa/0x270
[<ffffffff83ae364b>] do_syscall_64+0x3b/0x90
[<ffffffff83c0007c>] entry_SYSCALL_64_after_hwframe+0x44/0xae
unreferenced object 0xffff888111deed20 (size 32):
comm "mount.cifs", pid 3832, jiffies 4304536044 (age 189.918s)
hex dump (first 32 bytes):
44 46 53 52 4f 4f 54 31 2e 5a 45 4c 44 41 2e 54 DFSROOT1.ZELDA.T
45 53 54 00 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5 EST.kkkkkkkkkkk.
backtrace:
[<ffffffff8168118d>] kstrndup+0x2d/0x90
[<ffffffffa027ab2e>] smb3_parse_devname+0x9e/0x360 [cifs]
[<ffffffffa01870c8>] cifs_setup_volume_info+0xa8/0x470 [cifs]
[<ffffffffa018c469>] connect_dfs_target+0x309/0xc80 [cifs]
[<ffffffffa018d6cb>] cifs_mount+0x8eb/0x17f0 [cifs]
[<ffffffffa0136475>] cifs_smb3_do_mount+0x265/0x1700 [cifs]
[<ffffffffa02795e8>] smb3_get_tree+0x2e8/0x520 [cifs]
[<ffffffff817a19aa>] vfs_get_tree+0x8a/0x2d0
[<ffffffff8181e3e3>] path_mount+0x423/0x1a10
[<ffffffff8181fbca>] __x64_sys_mount+0x1fa/0x270
[<ffffffff83ae364b>] do_syscall_64+0x3b/0x90
[<ffffffff83c0007c>] entry_SYSCALL_64_after_hwframe+0x44/0xae
Fixes: 7be3248f3139 ("cifs: To match file servers, make sure the server hostname matches")
Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Takashi Iwai <tiwai@suse.de>
---
fs/cifs/fs_context.c | 2 ++
1 file changed, 2 insertions(+)
--- a/fs/cifs/fs_context.c
+++ b/fs/cifs/fs_context.c
@@ -322,6 +322,7 @@ smb3_fs_context_dup(struct smb3_fs_conte
new_ctx->nodename = NULL;
new_ctx->username = NULL;
new_ctx->password = NULL;
+ new_ctx->server_hostname = NULL;
new_ctx->domainname = NULL;
new_ctx->workstation_name = NULL;
new_ctx->UNC = NULL;
@@ -475,6 +476,7 @@ smb3_parse_devname(const char *devname,
return -EINVAL;
/* record the server hostname */
+ kfree(ctx->server_hostname);
ctx->server_hostname = kstrndup(devname + 2, pos - devname - 2, GFP_KERNEL);
if (!ctx->server_hostname)
return -ENOMEM;