reiserfs: Fix memory leak in reiserfs_parse_options()

When a usrjquota or grpjquota mount option is used multiple times, we
will leak memory allocated for the file name. Make sure the last setting
is used and all the previous ones are properly freed.

Reported-by: syzbot+c9e294bbe0333a6b7640@syzkaller.appspotmail.com
Signed-off-by: Jan Kara <jack@suse.cz>

diff --git a/fs/reiserfs/super.c b/fs/reiserfs/super.c
index a6bce5b..1b9c7a3 100644 (file)
--- a/fs/reiserfs/super.c
+++ b/fs/reiserfs/super.c
@@ -1258,6 +1258,10 @@ static int reiserfs_parse_options(struct super_block *s,
                                                 "turned on.");
                                return 0;
                        }
+                       if (qf_names[qtype] !=
+                           REISERFS_SB(s)->s_qf_names[qtype])
+                               kfree(qf_names[qtype]);
+                       qf_names[qtype] = NULL;
                        if (*arg) {     /* Some filename specified? */
                                if (REISERFS_SB(s)->s_qf_names[qtype]
                                    && strcmp(REISERFS_SB(s)->s_qf_names[qtype],
@@ -1287,10 +1291,6 @@ static int reiserfs_parse_options(struct super_block *s,
                                else
                                        *mount_options |= 1 << REISERFS_GRPQUOTA;
                        } else {
-                               if (qf_names[qtype] !=
-                                   REISERFS_SB(s)->s_qf_names[qtype])
-                                       kfree(qf_names[qtype]);
-                               qf_names[qtype] = NULL;
                                if (qtype == USRQUOTA)
                                        *mount_options &= ~(1 << REISERFS_USRQUOTA);
                                else