From: Douglas Anderson <dianders@chromium.org>
Date: Tue, 30 May 2017 22:50:38 +0000 (-0700)
Subject: pstore: Fix leaked pstore_record in pstore_get_backend_records()
X-Git-Tag: v4.12.3~8
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=14f34e9e4c8f4e79f11020a6ca7a62e5902513bc;p=thirdparty%2Fkernel%2Fstable.git

pstore: Fix leaked pstore_record in pstore_get_backend_records()

commit f6525b96dd9f68efe374e5aef864975e628de991 upstream.

When the "if (record->size <= 0)" test is true in
pstore_get_backend_records() it's pretty clear that nobody holds a
reference to the allocated pstore_record, yet we don't free it.

Let's free it.

Fixes: 2a2b0acf768c ("pstore: Allocate records on heap instead of stack")
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/fs/pstore/platform.c b/fs/pstore/platform.c
index d468eec9b8a6b..9defe98ff8b1c 100644
--- a/fs/pstore/platform.c
+++ b/fs/pstore/platform.c
@@ -846,8 +846,10 @@ void pstore_get_backend_records(struct pstore_info *psi,
 		record->size = psi->read(record);
 
 		/* No more records left in backend? */
-		if (record->size <= 0)
+		if (record->size <= 0) {
+			kfree(record);
 			break;
+		}
 
 		decompress_record(record);
 		rc = pstore_mkfile(root, record);