From 7aa69c4d0d997d995167683d18cb1e85d69e6018 Mon Sep 17 00:00:00 2001
From: Marin Hannache
Date: Wed, 12 Mar 2014 16:26:24 +0100
Subject: [PATCH] [nfs] Fix an invalid free() when loading a symlink

Signed-off-by: Marin Hannache
Signed-off-by: Michael Brown
---
 src/net/oncrpc/nfs_open.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/net/oncrpc/nfs_open.c b/src/net/oncrpc/nfs_open.c
index 349957ff..e9f5f9cf 100644
--- a/src/net/oncrpc/nfs_open.c
+++ b/src/net/oncrpc/nfs_open.c
@@ -145,6 +145,8 @@ static void nfs_done ( struct nfs_request *nfs, int rc ) {
 DBGC ( nfs, "NFS_OPEN %p completed (%s)\n", nfs, strerror ( rc ) );
+ free ( nfs->filename );
+
 intf_shutdown ( &nfs->xfer, rc );
 intf_shutdown ( &nfs->pm_intf, rc );
 intf_shutdown ( &nfs->mount_intf, rc );
@@ -334,6 +336,15 @@ static int nfs_mount_deliver ( struct nfs_request *nfs,
 goto done;
 }
+ /* We need to strdup() nfs->filename since the code handling
+ * symlink resolution make the assumption that it can be
+ * free()ed. */
+ if ( ( nfs->filename = strdup ( nfs->filename ) ) == NULL )
+ {
+ rc = -ENOMEM;
+ goto err;
+ }
+
 nfs->current_fh = mnt_reply.fh;
 nfs->nfs_state = NFS_LOOKUP;
 nfs_step ( nfs );
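Review bot: The `free ( nfs->filename );` added to nfs_done() runs on every completion, but the field only becomes a heap copy once nfs_mount_deliver() reaches the strdup() added in the second hunk, and the comment there implies the original pointer is not one that may be passed to free(). If a request can complete before that point (a port-mapper or mount failure, for instance), nfs_done() would free memory the request does not own, which is the same class of bug this commit sets out to fix. Taking the copy where nfs->filename is first assigned would make ownership uniform for the whole lifetime of the request; that code and the rest of nfs_done() are outside the hunk, so this needs checking against the open path. Following the call with `nfs->filename = NULL;` would also make a repeated nfs_done() harmless.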
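Review bot: The assignment inside the condition in nfs_mount_deliver() does more than its comment says: when strdup() fails it leaves nfs->filename NULL, and that appears to be what keeps the `free ( nfs->filename );` in nfs_done() safe if the `err` label leads there (the label is outside the hunk). A later cleanup that introduces a temporary would silently bring back the invalid free, so the comment should record the invariant, e.g. `/* Take a private copy: symlink resolution and nfs_done() both free() nfs->filename. On failure the field is left NULL so that free() is a no-op. */`. The opening brace on its own line also differs from the `) {` placement used in the nfs_done() signature shown in the first hunk's header.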