In the Linux kernel, the following vulnerability has been resolved:
isofs: avoid memory leak in iocharset
A memleak was found as below:
unreferenced object 0xffff0000d10164d8 (size 8):
comm "pool-udisksd", pid 108217, jiffies 4295408555
hex dump (first 8 bytes):
75 74 66 38 00 cc cc cc utf8....
backtrace (crc de430d31):
[] kmemleak_alloc+0xb8/0xc8
[] __kmalloc_node_track_caller_noprof+0x380/0x474
[] kstrdup+0x70/0xfc
[] isofs_parse_param+0x228/0x2c0 [isofs]
[] vfs_parse_fs_param+0xf4/0x164
[] vfs_parse_fs_string+0x8c/0xd4
[] vfs_parse_monolithic_sep+0xb0/0xfc
[] generic_parse_monolithic+0x30/0x3c
[] parse_monolithic_mount_data+0x40/0x4c
[] path_mount+0x6c4/0x9ec
[] do_mount+0xac/0xc4
[] __arm64_sys_mount+0x16c/0x2b0
[] invoke_syscall+0x7c/0x104
[] el0_svc_common.constprop.1+0xe0/0x104
[] do_el0_svc+0x2c/0x38
[] el0_svc+0x3c/0x1b8
The opt->iocharset is freed inside the isofs_fill_super function,
But there may be situations where it's not possible to
enter this function.
For example, in the get_tree_bdev_flags function,when
encountering the situation where "Can't mount, would change RO state,"
In such a case, isofs_fill_super will not have the opportunity
to be called,which means that opt->iocharset will not have the chance
to be freed,ultimately leading to a memory leak.
Let's move the memory freeing of opt->iocharset into
isofs_free_fc function.
References
In the Linux kernel, the following vulnerability has been resolved:
isofs: avoid memory leak in iocharset
A memleak was found as below:
unreferenced object 0xffff0000d10164d8 (size 8):
comm "pool-udisksd", pid 108217, jiffies 4295408555
hex dump (first 8 bytes):
75 74 66 38 00 cc cc cc utf8....
backtrace (crc de430d31):
[] kmemleak_alloc+0xb8/0xc8
[] __kmalloc_node_track_caller_noprof+0x380/0x474
[] kstrdup+0x70/0xfc
[] isofs_parse_param+0x228/0x2c0 [isofs]
[] vfs_parse_fs_param+0xf4/0x164
[] vfs_parse_fs_string+0x8c/0xd4
[] vfs_parse_monolithic_sep+0xb0/0xfc
[] generic_parse_monolithic+0x30/0x3c
[] parse_monolithic_mount_data+0x40/0x4c
[] path_mount+0x6c4/0x9ec
[] do_mount+0xac/0xc4
[] __arm64_sys_mount+0x16c/0x2b0
[] invoke_syscall+0x7c/0x104
[] el0_svc_common.constprop.1+0xe0/0x104
[] do_el0_svc+0x2c/0x38
[] el0_svc+0x3c/0x1b8
The opt->iocharset is freed inside the isofs_fill_super function,
But there may be situations where it's not possible to
enter this function.
For example, in the get_tree_bdev_flags function,when
encountering the situation where "Can't mount, would change RO state,"
In such a case, isofs_fill_super will not have the opportunity
to be called,which means that opt->iocharset will not have the chance
to be freed,ultimately leading to a memory leak.
Let's move the memory freeing of opt->iocharset into
isofs_free_fc function.
References