cifs: fix double-free of "string" in cifs_parse_mount_options

Dan reported the following regression in commit d387a5c5: + fs/cifs/connect.c:1903 cifs_parse_mount_options() error: double free of 'string' That patch has some of the new option parsing code free "string" without setting the variable to NULL afterward. Since "string" is automatically freed in an error condition, fix the code to just rely on that instead of freeing it explicitly. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>

cifs: fix double-free of "string" in cifs_parse_mount_options
Dan reported the following regression in commit d387a5c5: + fs/cifs/connect.c:1903 cifs_parse_mount_options() error: double free of 'string' That patch has some of the new option parsing code free "string" without setting the variable to NULL afterward. Since "string" is automatically freed in an error condition, fix the code to just rely on that instead of freeing it explicitly. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
Jeff Layton · Steve French
1 parent 1800098549
Showing 1 changed file with 2 additions and 7 deletions Side-by-side Diff
fs/cifs/connect.c
@@ -1624,14 +1624,11 @@
 		case Opt_unc:
 			string = vol->UNC;
 			vol->UNC = match_strdup(args);
-			if (vol->UNC == NULL) {
-				kfree(string);
+			if (vol->UNC == NULL)
 				goto out_nomem;
-			}
  
 			convert_delimiter(vol->UNC, '\\');
 			if (vol->UNC[0] != '\\' || vol->UNC[1] != '\\') {
-				kfree(string);
 				printk(KERN_ERR "CIFS: UNC Path does not "
 						"begin with // or \\\\\n");
 				goto cifs_parse_mount_err;
  
@@ -1687,10 +1684,8 @@
  
 			string = vol->prepath;
 			vol->prepath = match_strdup(args);
-			if (vol->prepath == NULL) {
-				kfree(string);
+			if (vol->prepath == NULL)
 				goto out_nomem;
-			}
 			/* Compare old prefixpath= option to new one */
 			if (!string || strcmp(string, vol->prepath))
 				printk(KERN_WARNING "CIFS: the value of the "
...	...	@@ -1624,14 +1624,11 @@
1624	1624	case Opt_unc:
1625	1625	string = vol->UNC;
1626	1626	vol->UNC = match_strdup(args);
1627		- if (vol->UNC == NULL) {
1628		- kfree(string);
	1627	+ if (vol->UNC == NULL)
1629	1628	goto out_nomem;
1630		- }
1631	1629
1632	1630	convert_delimiter(vol->UNC, '\\');
1633	1631	if (vol->UNC[0] != '\\' \|\| vol->UNC[1] != '\\') {
1634		- kfree(string);
1635	1632	printk(KERN_ERR "CIFS: UNC Path does not "
1636	1633	"begin with // or \\\\\n");
1637	1634	goto cifs_parse_mount_err;
1638	1635
...	...	@@ -1687,10 +1684,8 @@
1687	1684
1688	1685	string = vol->prepath;
1689	1686	vol->prepath = match_strdup(args);
1690		- if (vol->prepath == NULL) {
1691		- kfree(string);
	1687	+ if (vol->prepath == NULL)
1692	1688	goto out_nomem;
1693		- }
1694	1689	/* Compare old prefixpath= option to new one */
1695	1690	if (!string \|\| strcmp(string, vol->prepath))
1696	1691	printk(KERN_WARNING "CIFS: the value of the "