Kinglong Mee f98bac5a30 NFSD: Fix crash encoding lock reply on 32-bit ... Commit 8c7424cff6 "nfsd4: don't try to encode conflicting owner if low on space" forgot to free conf->data in nfsd4_encode_lockt and before sign conf->data to NULL in nfsd4_encode_lock_denied, causing a leak. Worse, kfree() can be called on an uninitialized pointer in the case of a succesful lock (or one that fails for a reason other than a conflict). (Note that lock->lk_denied.ld_owner.data appears it should be zero here, until you notice that it's one arm of a union the other arm of which is written to in the succesful case by the memcpy(&lock->lk_resp_stateid, &lock_stp->st_stid.sc_stateid, sizeof(stateid_t)); in nfsd4_lock(). In the 32-bit case this overwrites ld_owner.data.) Signed-off-by: Kinglong Mee <kinglongmee@gmail.com> Fixes: 8c7424cff6 ""nfsd4: don't try to encode conflicting owner if low on space" Signed-off-by: J. Bruce Fields <bfields@redhat.com>		2014-07-23 10:31:56 -04:00
..
acl.h
auth.c
auth.h
cache.h
current_stateid.h
export.c
export.h
fault_inject.c
idmap.h
Kconfig
lockd.c
Makefile
netns.h
nfs2acl.c
nfs3acl.c
nfs3proc.c
nfs3xdr.c
nfs4acl.c
nfs4callback.c
nfs4idmap.c
nfs4proc.c
nfs4recover.c
nfs4state.c
nfs4xdr.c	NFSD: Fix crash encoding lock reply on 32-bit	2014-07-23 10:31:56 -04:00
nfscache.c
nfsctl.c
nfsd.h
nfsfh.c
nfsfh.h
nfsproc.c
nfssvc.c
nfsxdr.c
state.h
stats.c
stats.h
vfs.c
vfs.h
xdr.h
xdr3.h
xdr4.h
xdr4cb.h