This is a note to let you know that I've just added the patch titled
ubifs: free the encrypted symlink target
to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git%3Ba=su...
The filename of the patch is: ubifs-free-the-encrypted-symlink-target.patch and it can be found in the queue-4.15 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree, please let stable@vger.kernel.org know about it.
From 6b46d444146eb8d0b99562795cea8086639d7282 Mon Sep 17 00:00:00 2001
From: Eric Biggers ebiggers@google.com Date: Thu, 11 Jan 2018 23:27:00 -0500 Subject: ubifs: free the encrypted symlink target
From: Eric Biggers ebiggers@google.com
commit 6b46d444146eb8d0b99562795cea8086639d7282 upstream.
ubifs_symlink() forgot to free the kmalloc()'ed buffer holding the encrypted symlink target, creating a memory leak. Fix it.
(UBIFS could actually encrypt directly into ui->data, removing the temporary buffer, but that is left for the patch that switches to use the symlink helper functions.)
Fixes: ca7f85be8d6c ("ubifs: Add support for encrypted symlinks") Signed-off-by: Eric Biggers ebiggers@google.com Signed-off-by: Theodore Ts'o tytso@mit.edu Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- fs/ubifs/dir.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-)
--- a/fs/ubifs/dir.c +++ b/fs/ubifs/dir.c @@ -1216,10 +1216,8 @@ static int ubifs_symlink(struct inode *d ostr.len = disk_link.len;
err = fscrypt_fname_usr_to_disk(inode, &istr, &ostr); - if (err) { - kfree(sd); + if (err) goto out_inode; - }
sd->len = cpu_to_le16(ostr.len); disk_link.name = (char *)sd; @@ -1251,11 +1249,10 @@ static int ubifs_symlink(struct inode *d goto out_cancel; mutex_unlock(&dir_ui->ui_mutex);
- ubifs_release_budget(c, &req); insert_inode_hash(inode); d_instantiate(dentry, inode); - fscrypt_free_filename(&nm); - return 0; + err = 0; + goto out_fname;
out_cancel: dir->i_size -= sz_change; @@ -1268,6 +1265,7 @@ out_fname: fscrypt_free_filename(&nm); out_budg: ubifs_release_budget(c, &req); + kfree(sd); return err; }
Patches currently in stable-queue which might be from ebiggers@google.com are
queue-4.15/ubifs-free-the-encrypted-symlink-target.patch queue-4.15/nfs-reject-request-for-id_legacy-key-without-auxdata.patch
linux-stable-mirror@lists.linaro.org