[Patch 4/9] fs/binfmt_script.c: fix resource leaks

From: WANG Cong
Date: Thu May 08 2008 - 09:56:45 EST


->load_binary()'s caller only frees resources which ->load_binary() applied
when it succeeded, so ->load_binary() itself should free the resources on
failure.


Signed-off-by: WANG Cong <wangcong@xxxxxxxxx>

---
diff --git a/fs/binfmt_script.c b/fs/binfmt_script.c
index 9e3963f..2c10342 100644
--- a/fs/binfmt_script.c
+++ b/fs/binfmt_script.c
@@ -75,11 +75,13 @@ static int load_script(struct linux_binprm *bprm,struct pt_regs *regs)
bprm->argc++;
if (i_arg) {
retval = copy_strings_kernel(1, &i_arg, bprm);
- if (retval < 0) return retval;
+ if (retval < 0)
+ goto out;
bprm->argc++;
}
retval = copy_strings_kernel(1, &i_name, bprm);
- if (retval) return retval;
+ if (retval)
+ goto out;
bprm->argc++;
bprm->interp = interp;

@@ -87,14 +89,26 @@ static int load_script(struct linux_binprm *bprm,struct pt_regs *regs)
* OK, now restart the process with the interpreter's dentry.
*/
file = open_exec(interp);
- if (IS_ERR(file))
- return PTR_ERR(file);
+ if (IS_ERR(file)) {
+ retval = PTR_ERR(file);
+ goto out;
+ }

bprm->file = file;
retval = prepare_binprm(bprm);
- if (retval < 0)
- return retval;
+ if (retval < 0) {
+ if (bprm->file) {
+ allow_write_access(bprm->file);
+ fput(bprm->file);
+ }
+ goto out;
+ }
+
return search_binary_handler(bprm,regs);
+
+out:
+ free_arg_pages(bprm);
+ return retval;
}

static struct linux_binfmt script_format = {
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/