FROMLIST: 9p: fix a potential acl leak

(https://lkml.org/lkml/2016/12/13/579) posix_acl_update_mode() could possibly clear 'acl', if so we leak the memory pointed by 'acl'. Save this pointer before calling posix_acl_update_mode() and release the memory if 'acl' really gets cleared. Reported-by: Mark Salyzyn <salyzyn@android.com> Reviewed-by: Jan Kara <jack@suse.cz> Reviewed-by: Greg Kurz <groug@kaod.org> Cc: Eric Van Hensbergen <ericvh@gmail.com> Cc: Ron Minnich <rminnich@sandia.gov> Cc: Latchesar Ionkov <lucho@ionkov.net> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com> Bug: 32458736 Change-Id: Ia78da401e6fd1bfd569653bd2cd0ebd3f9c737a0
author: Cong Wang <xiyou.wangcong@gmail.com> 2016-12-13 10:33:34 -0800
committer: Mister Oyster <oysterized@gmail.com> 2017-04-17 00:55:43 +0200
commit: 2dd0ccb74bc6162efd6723055f6b7d27d52f4ed8 (patch)
tree: 10486e06c44eee1e85e47fbf8707e6e949945d3a
parent: 18d8354a1d8ae018837c5935d552b2f9aa8c3dc4 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/9p/acl.c b/fs/9p/acl.c
index 9686c1f17..c19a66472 100644
--- a/fs/9p/acl.c
+++ b/fs/9p/acl.c
@@ -321,6 +321,7 @@ static int v9fs_xattr_set_acl(struct dentry *dentry, const char *name,
 		name = POSIX_ACL_XATTR_ACCESS;
 		if (acl) {
 			struct iattr iattr;
+			struct posix_acl *old_acl = acl;
 
 			retval = posix_acl_update_mode(inode, &iattr.ia_mode, &acl);
 			if (retval)
@@ -331,6 +332,7 @@ static int v9fs_xattr_set_acl(struct dentry *dentry, const char *name,
 				 * by the mode bits. So don't
 				 * update ACL.
 				 */
+				posix_acl_release(old_acl);
 				value = NULL;
 				size = 0;
 			}
author	Cong Wang <xiyou.wangcong@gmail.com>	2016-12-13 10:33:34 -0800
committer	Mister Oyster <oysterized@gmail.com>	2017-04-17 00:55:43 +0200
commit	2dd0ccb74bc6162efd6723055f6b7d27d52f4ed8 (patch)
tree	10486e06c44eee1e85e47fbf8707e6e949945d3a
parent	18d8354a1d8ae018837c5935d552b2f9aa8c3dc4 (diff)