From patchwork Thu Dec 13 11:02:51 2012 X-Patchwork-Submitter: Jeff Layton X-Patchwork-Id: 1871731
From: Jeff Layton To: smfrench@gmail.com Cc: linux-cifs@vger.kernel.org, dan.carpenter@oracle.com Subject: [PATCH] cifs: fix double-free of "string" in cifs_parse_mount_options Date: Thu, 13 Dec 2012 06:02:51 -0500 Message-Id: <1355396571-19510-1-git-send-email-jlayton@redhat.com> X-Mailer: git-send-email 1.7.11.7 X-Gm-Message-State: ALoCoQnf1qoWBF+JyyTclikvOX/eB4k5wBq/qcdjrS/4PhVeOMBWiI7bv5SE5TGmqlj6Q8rv2WsF Sender: linux-cifs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-cifs@vger.kernel.org Dan reported the following regression in commit d387a5c5: + fs/cifs/connect.c:1903 cifs_parse_mount_options() error: double free of 'string' That patch has some of the new option parsing code free "string" without setting the variable to NULL afterward. Since "string" is automatically freed in an error condition, fix the code to just rely on that instead of freeing it explicitly. Reported-by: Dan Carpenter Signed-off-by: Jeff Layton --- fs/cifs/connect.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 7635b5d..17c3643 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -1624,14 +1624,11 @@ cifs_parse_mount_options(const char *mountdata, const char *devname, case Opt_unc: string = vol->UNC; vol->UNC = match_strdup(args); - if (vol->UNC == NULL) { - kfree(string); + if (vol->UNC == NULL) goto out_nomem; - } convert_delimiter(vol->UNC, '\\'); if (vol->UNC[0] != '\\' || vol->UNC[1] != '\\') { - kfree(string); printk(KERN_ERR "CIFS: UNC Path does not " "begin with // or \\\\\n"); goto cifs_parse_mount_err; @@ -1687,10 +1684,8 @@ cifs_parse_mount_options(const char *mountdata, const char *devname, string = vol->prepath; vol->prepath = match_strdup(args); - if (vol->prepath == NULL) { - kfree(string); + if (vol->prepath == NULL) goto out_nomem; - } /* Compare old prefixpath= option to new one */ if (!string || strcmp(string, vol->prepath)) printk(KERN_WARNING "CIFS: the value of the "
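Review bot: in the first hunk (case Opt_unc), both error exits now leave the previous vol->UNC value in "string" and depend on out_nomem and cifs_parse_mount_err to free it, but nothing in the code records that. The commit message says "string" is freed automatically in an error condition; a one-line comment at `string = vol->UNC;` stating that the old value is released by the function's error path would keep a later change from reintroducing an explicit kfree(string) in this case.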
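Review bot: in the second hunk (prepath handling), the success path still holds the old value in "string" after the `if (!string || strcmp(string, vol->prepath))` comparison, and the visible context does not show where it is freed once the warning has been printed. Please confirm that the non-error path frees "string" and sets it to NULL before the next option is parsed; otherwise a later jump to out_nomem or cifs_parse_mount_err would free the same pointer again, which is the pattern this patch removes.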