[PATCH AUTOSEL 4.4 1/9] autofs: fix a leak in autofs_expire_indirect()

From: Sasha Levin
Date: Fri Nov 22 2019 - 14:51:13 EST

Next message: Sasha Levin: "[PATCH AUTOSEL 4.9 12/13] ax88172a: fix information leak on short answers"
Previous message: Sasha Levin: "[PATCH AUTOSEL 4.4 2/9] NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error"
Next in thread: Sasha Levin: "[PATCH AUTOSEL 4.4 3/9] Input: cyttsp4_core - fix use after free bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>

[ Upstream commit 03ad0d703df75c43f78bd72e16124b5b94a95188 ]

if the second call of should_expire() in there ends up
grabbing and returning a new reference to dentry, we need
to drop it before continuing.

Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
fs/autofs4/expire.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/fs/autofs4/expire.c b/fs/autofs4/expire.c
index 0d8b9c4f27f21..5124f06c32bcc 100644
--- a/fs/autofs4/expire.c
+++ b/fs/autofs4/expire.c
@@ -467,9 +467,10 @@ struct dentry *autofs4_expire_indirect(struct super_block *sb,
*/
flags &= ~AUTOFS_EXP_LEAVES;
found = should_expire(expired, mnt, timeout, how);
- if (!found || found != expired)
- /* Something has changed, continue */
+ if (found != expired) { // something has changed, continue
+ dput(found);
goto next;
+ }

if (expired != dentry)
dput(dentry);
--
2.20.1

Next message: Sasha Levin: "[PATCH AUTOSEL 4.9 12/13] ax88172a: fix information leak on short answers"
Previous message: Sasha Levin: "[PATCH AUTOSEL 4.4 2/9] NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error"
Next in thread: Sasha Levin: "[PATCH AUTOSEL 4.4 3/9] Input: cyttsp4_core - fix use after free bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]