From 975feeb30bb8a19274c38af7f2caeeb440ba4be7 Mon Sep 17 00:00:00 2001 From: Yuezhang Mo Date: Mon, 4 Nov 2024 10:51:53 +0800 Subject: [PATCH] exfat: fix memory leak in exfat_load_bitmap() mainline inclusion from mainline-v6.12-rc1 commit d2b537b3e533f28e0d97293fe9293161fe8cd137 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYRBG CVE: CVE-2024-50013 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d2b537b3e533f28e0d97293fe9293161fe8cd137 -------------------------------- If the first directory entry in the root directory is not a bitmap directory entry, 'bh' will not be released and reassigned, which will cause a memory leak. Fixes: 1e49a94cf707 ("exfat: add bitmap operations") Cc: stable@vger.kernel.org Signed-off-by: Yuezhang Mo Reviewed-by: Aoyama Wataru Signed-off-by: Namjae Jeon Signed-off-by: Yongjian Sun --- fs/exfat/balloc.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/fs/exfat/balloc.c b/fs/exfat/balloc.c index ab091440e8b9..0501b8c04d8d 100644 --- a/fs/exfat/balloc.c +++ b/fs/exfat/balloc.c @@ -110,11 +110,8 @@ int exfat_load_bitmap(struct super_block *sb) return -EIO; type = exfat_get_entry_type(ep); - if (type == TYPE_UNUSED) - break; - if (type != TYPE_BITMAP) - continue; - if (ep->dentry.bitmap.flags == 0x0) { + if (type == TYPE_BITMAP && + ep->dentry.bitmap.flags == 0x0) { int err; err = exfat_allocate_bitmap(sb, ep); @@ -122,6 +119,9 @@ int exfat_load_bitmap(struct super_block *sb) return err; } brelse(bh); + + if (type == TYPE_UNUSED) + return -EINVAL; } if (exfat_get_next_cluster(sb, &clu.dir)) -- Gitee