Commit 8c094637 authored Mar 25, 2025 by Christophe JAILLET Committed by Zizhi Wo Mar 25, 2025

fs/ntfs3: Fix some memory leaks in an error handling path of 'log_replay()'

stable inclusion
from stable-v5.15.46
commit d8be98ab88250dc12a98efdb703792a537b0eac3
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBP6NP
CVE: CVE-2021-47660

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=d8be98ab88250dc12a98efdb703792a537b0eac3



--------------------------------

commit e589f9b7 upstream.

All error handling paths lead to 'out' where many resources are freed.

Do it as well here instead of a direct return, otherwise 'log', 'ra' and
'log->one_page_buf' (at least) will leak.

Fixes: b46acd6a ("fs/ntfs3: Add NTFS journal")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Zizhi Wo <wozizhi@huawei.com>

parent 261e0bd2

fs/ntfs3/fslog.c

+4 −2

Original line number	Diff line number	Diff line
		@@ -4096,8 +4096,10 @@ int log_replay(struct ntfs_inode ni, bool initialized)
		if (client == LFS_NO_CLIENT_LE) {
		/* Insert "NTFS" client LogFile. */
		client = ra->client_idx[0];
		if (client == LFS_NO_CLIENT_LE)
		return -EINVAL;
		if (client == LFS_NO_CLIENT_LE) {
		err = -EINVAL;
		goto out;
		}

		t16 = le16_to_cpu(client);
		cr = ca + t16;