Commit b8155e95 authored by Dan Carpenter's avatar Dan Carpenter Committed by Konstantin Komarov

fs/ntfs3: Fix error handling in indx_insert_into_root()

There are three bugs in this code:
1) If indx_get_root() fails, then return -EINVAL instead of success.
2) On the "/* make root external */" -EOPNOTSUPP; error path it should
   free "re" but it has a memory leak.
3) If indx_new() fails then it will lead to an error pointer dereference
   when we call put_indx_node().

I've re-written the error handling to be more clear.

Fixes: 82cae269 ("fs/ntfs3: Add initialization of super block")
Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: default avatarKari Argillander <kari.argillander@gmail.com>
Signed-off-by: default avatarKonstantin Komarov <almaz.alexandrovich@paragon-software.com>
parent 8c83a485
...@@ -1555,12 +1555,12 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni, ...@@ -1555,12 +1555,12 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
u32 root_size, new_root_size; u32 root_size, new_root_size;
struct ntfs_sb_info *sbi; struct ntfs_sb_info *sbi;
int ds_root; int ds_root;
struct INDEX_ROOT *root, *a_root = NULL; struct INDEX_ROOT *root, *a_root;
/* Get the record this root placed in */ /* Get the record this root placed in */
root = indx_get_root(indx, ni, &attr, &mi); root = indx_get_root(indx, ni, &attr, &mi);
if (!root) if (!root)
goto out; return -EINVAL;
/* /*
* Try easy case: * Try easy case:
...@@ -1592,10 +1592,8 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni, ...@@ -1592,10 +1592,8 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
/* Make a copy of root attribute to restore if error */ /* Make a copy of root attribute to restore if error */
a_root = kmemdup(attr, asize, GFP_NOFS); a_root = kmemdup(attr, asize, GFP_NOFS);
if (!a_root) { if (!a_root)
err = -ENOMEM; return -ENOMEM;
goto out;
}
/* copy all the non-end entries from the index root to the new buffer.*/ /* copy all the non-end entries from the index root to the new buffer.*/
to_move = 0; to_move = 0;
...@@ -1605,7 +1603,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni, ...@@ -1605,7 +1603,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
for (e = e0;; e = hdr_next_de(hdr, e)) { for (e = e0;; e = hdr_next_de(hdr, e)) {
if (!e) { if (!e) {
err = -EINVAL; err = -EINVAL;
goto out; goto out_free_root;
} }
if (de_is_last(e)) if (de_is_last(e))
...@@ -1613,14 +1611,13 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni, ...@@ -1613,14 +1611,13 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
to_move += le16_to_cpu(e->size); to_move += le16_to_cpu(e->size);
} }
n = NULL;
if (!to_move) { if (!to_move) {
re = NULL; re = NULL;
} else { } else {
re = kmemdup(e0, to_move, GFP_NOFS); re = kmemdup(e0, to_move, GFP_NOFS);
if (!re) { if (!re) {
err = -ENOMEM; err = -ENOMEM;
goto out; goto out_free_root;
} }
} }
...@@ -1637,7 +1634,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni, ...@@ -1637,7 +1634,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
if (ds_root > 0 && used + ds_root > sbi->max_bytes_per_attr) { if (ds_root > 0 && used + ds_root > sbi->max_bytes_per_attr) {
/* make root external */ /* make root external */
err = -EOPNOTSUPP; err = -EOPNOTSUPP;
goto out; goto out_free_re;
} }
if (ds_root) if (ds_root)
...@@ -1667,7 +1664,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni, ...@@ -1667,7 +1664,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
/* bug? */ /* bug? */
ntfs_set_state(sbi, NTFS_DIRTY_ERROR); ntfs_set_state(sbi, NTFS_DIRTY_ERROR);
err = -EINVAL; err = -EINVAL;
goto out1; goto out_free_re;
} }
if (err) { if (err) {
...@@ -1678,7 +1675,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni, ...@@ -1678,7 +1675,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
/* bug? */ /* bug? */
ntfs_set_state(sbi, NTFS_DIRTY_ERROR); ntfs_set_state(sbi, NTFS_DIRTY_ERROR);
} }
goto out1; goto out_free_re;
} }
e = (struct NTFS_DE *)(root + 1); e = (struct NTFS_DE *)(root + 1);
...@@ -1689,7 +1686,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni, ...@@ -1689,7 +1686,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
n = indx_new(indx, ni, new_vbn, sub_vbn); n = indx_new(indx, ni, new_vbn, sub_vbn);
if (IS_ERR(n)) { if (IS_ERR(n)) {
err = PTR_ERR(n); err = PTR_ERR(n);
goto out1; goto out_free_re;
} }
hdr = &n->index->ihdr; hdr = &n->index->ihdr;
...@@ -1716,7 +1713,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni, ...@@ -1716,7 +1713,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
put_indx_node(n); put_indx_node(n);
fnd_clear(fnd); fnd_clear(fnd);
err = indx_insert_entry(indx, ni, new_de, ctx, fnd); err = indx_insert_entry(indx, ni, new_de, ctx, fnd);
goto out; goto out_free_root;
} }
/* /*
...@@ -1726,7 +1723,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni, ...@@ -1726,7 +1723,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
e = hdr_insert_de(indx, hdr, new_de, NULL, ctx); e = hdr_insert_de(indx, hdr, new_de, NULL, ctx);
if (!e) { if (!e) {
err = -EINVAL; err = -EINVAL;
goto out1; goto out_put_n;
} }
fnd_push(fnd, n, e); fnd_push(fnd, n, e);
...@@ -1735,12 +1732,11 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni, ...@@ -1735,12 +1732,11 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
n = NULL; n = NULL;
out1: out_put_n:
put_indx_node(n);
out_free_re:
kfree(re); kfree(re);
if (n) out_free_root:
put_indx_node(n);
out:
kfree(a_root); kfree(a_root);
return err; return err;
} }
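Review bot: The success path sets `n = NULL` and then falls through into `out_put_n:`, so `put_indx_node(n)` is now called with NULL where the old code guarded the call with `if (n)`. put_indx_node() is not defined in this section, so its NULL tolerance is an assumption worth recording at the label, e.g. `/* n is NULL on success; put_indx_node() must accept NULL */`. Separately, the `goto out_free_root` after `indx_insert_entry()` skips `kfree(re)`; presumably `re` is released earlier in that branch, outside the hunk, but this should be confirmed because the new label names no longer make it obvious. The body of indx_insert_into_root() starts before and continues between the visible hunks.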