| From 8dae5398ab1ac107b1517e8195ed043d5f422bd0 Mon Sep 17 00:00:00 2001 |
| From: Chuck Lever <chuck.lever@oracle.com> |
| Date: Fri, 30 Nov 2018 15:39:57 -0500 |
| Subject: SUNRPC: Fix leak of krb5p encode pages |
| |
| From: Chuck Lever <chuck.lever@oracle.com> |
| |
| commit 8dae5398ab1ac107b1517e8195ed043d5f422bd0 upstream. |
| |
| call_encode can be invoked more than once per RPC call. Ensure that |
| each call to gss_wrap_req_priv does not overwrite pointers to |
| previously allocated memory. |
| |
| Signed-off-by: Chuck Lever <chuck.lever@oracle.com> |
| Cc: stable@kernel.org |
| Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| net/sunrpc/auth_gss/auth_gss.c | 4 ++++ |
| 1 file changed, 4 insertions(+) |
| |
| --- a/net/sunrpc/auth_gss/auth_gss.c |
| +++ b/net/sunrpc/auth_gss/auth_gss.c |
| @@ -1721,6 +1721,7 @@ priv_release_snd_buf(struct rpc_rqst *rq |
| for (i=0; i < rqstp->rq_enc_pages_num; i++) |
| __free_page(rqstp->rq_enc_pages[i]); |
| kfree(rqstp->rq_enc_pages); |
| + rqstp->rq_release_snd_buf = NULL; |
| } |
| |
| static int |
| @@ -1729,6 +1730,9 @@ alloc_enc_pages(struct rpc_rqst *rqstp) |
| struct xdr_buf *snd_buf = &rqstp->rq_snd_buf; |
| int first, last, i; |
| |
| + if (rqstp->rq_release_snd_buf) |
| + rqstp->rq_release_snd_buf(rqstp); |
| + |
| if (snd_buf->page_len == 0) { |
| rqstp->rq_enc_pages_num = 0; |
| return 0; |