reiserfs: Fix memory leak in reiserfs_parse_options()

When a usrjquota or grpjquota mount option is used multiple times, we
will leak memory allocated for the file name. Make sure the last setting
is used and all the previous ones are properly freed.

Reported-by: syzbot+c9e294bbe0333a6b7640@syzkaller.appspotmail.com
Signed-off-by: Jan Kara <jack@suse.cz>

diff --git a/fs/reiserfs/super.c b/fs/reiserfs/super.c
index a6bce5b1fb1dcd3cf1889f2ff0a13cc23f5d4ea6..1b9c7a387dc7101dc30011d943019893ce027143 100644 (file)
--- a/fs/reiserfs/super.c
+++ b/fs/reiserfs/super.c
@@ -1258,6 +1258,10 @@ static int reiserfs_parse_options(struct super_block *s,
                                                 "turned on.");
                                return 0;
                        }
+                       if (qf_names[qtype] !=
+                           REISERFS_SB(s)->s_qf_names[qtype])
+                               kfree(qf_names[qtype]);
+                       qf_names[qtype] = NULL;
                        if (*arg) {     /* Some filename specified? */
                                if (REISERFS_SB(s)->s_qf_names[qtype]
                                    && strcmp(REISERFS_SB(s)->s_qf_names[qtype],
@@ -1287,10 +1291,6 @@ static int reiserfs_parse_options(struct super_block *s,
                                else
                                        *mount_options |= 1 << REISERFS_GRPQUOTA;
                        } else {
-                               if (qf_names[qtype] !=
-                                   REISERFS_SB(s)->s_qf_names[qtype])
-                                       kfree(qf_names[qtype]);
-                               qf_names[qtype] = NULL;
                                if (qtype == USRQUOTA)
                                        *mount_options &= ~(1 << REISERFS_USRQUOTA);
                                else