On Tue, 13 Dec 2016 10:33:34 -0800 Cong Wang <[email protected]> wrote:
> posix_acl_update_mode() could possibly clear 'acl', if so > we leak the memory pointed by 'acl'. Save this pointer > before calling posix_acl_update_mode() and release the memory > if 'acl' really gets cleared. > > Reported-by: Mark Salyzyn <[email protected]> > Reviewed-by: Jan Kara <[email protected]> > Cc: Eric Van Hensbergen <[email protected]> > Cc: Ron Minnich <[email protected]> > Cc: Latchesar Ionkov <[email protected]> > Signed-off-by: Cong Wang <[email protected]> > --- Reviewed-by: Greg Kurz <[email protected]> > fs/9p/acl.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/fs/9p/acl.c b/fs/9p/acl.c > index b3c2cc7..082d227 100644 > --- a/fs/9p/acl.c > +++ b/fs/9p/acl.c > @@ -277,6 +277,7 @@ static int v9fs_xattr_set_acl(const struct xattr_handler > *handler, > case ACL_TYPE_ACCESS: > if (acl) { > struct iattr iattr; > + struct posix_acl *old_acl = acl; > > retval = posix_acl_update_mode(inode, &iattr.ia_mode, > &acl); > if (retval) > @@ -287,6 +288,7 @@ static int v9fs_xattr_set_acl(const struct xattr_handler > *handler, > * by the mode bits. So don't > * update ACL. > */ > + posix_acl_release(old_acl); > value = NULL; > size = 0; > }
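Review bot: the `struct posix_acl *old_acl = acl;` added inside the `if (acl)` block in the first hunk (`@@ -277,6 +277,7 @@`) would benefit from a one-line comment explaining why the pointer is copied, since the reason only becomes visible in the second hunk: posix_acl_update_mode() can set `acl` to NULL without dropping the reference, and nothing else in this block keeps the original pointer. Something like `/* posix_acl_update_mode() may clear acl; keep the pointer so the reference can be released */` above the declaration would save the next reader a trip to the commit message.

Review bot: the `posix_acl_release(old_acl);` in the `if (!acl)` branch of the second hunk (`@@ -287,6 +288,7 @@`) only covers the case where posix_acl_update_mode() cleared the caller's pointer; the earlier `if (retval) goto err_out;` path leaves `acl` untouched and therefore still depends on `err_out` releasing it, which this hunk does not show. Please confirm in the commit message or cover letter that `err_out` does `posix_acl_release(acl)`, so the error path is not left as the remaining leak. Releasing only in the `!acl` branch is the right choice here: an unconditional `posix_acl_release(old_acl)` would drop the reference still held through `acl` when the pointer was not cleared, and the subsequent `value = NULL; size = 0;` shows the ACL is no longer needed in this branch, so the release before them is safe.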

