[PATCH] SMB: fix memory leak in smb3_validate_negotiate
From: Shu WangFound the issue by kmemleak. The pointer pneg_rsp stores the pointer kmalloced from SMB2_ioctl, and should be release before function return. unreferenced object 0x88018c2b1900 (size 32): backtrace: kmemleak_alloc+0x4a/0xa0 __kmalloc+0xec/0x220 SMB2_ioctl+0x27a/0x3c0 [cifs] smb3_validate_negotiate+0x135/0x370 [cifs] SMB2_tcon+0x308/0xae0 [cifs] cifs_put_tcp_session+0x4a5/0x900 [cifs] cifs_mount+0x6f4/0x15f0 [cifs] Signed-off-by: Shu Wang --- fs/cifs/smb2pdu.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 6f0e6343c15e..4785ed8e1589 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -727,8 +727,10 @@ int smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon *tcon) rsplen); /* relax check since Mac returns max bufsize allowed on ioctl */ - if (rsplen > CIFSMaxBufSize) + if (rsplen > CIFSMaxBufSize) { + kfree(pneg_rsp); return -EIO; + } } /* check validate negotiate info response matches what we got earlier */ @@ -747,10 +749,12 @@ int smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon *tcon) /* validate negotiate successful */ cifs_dbg(FYI, "validate negotiate info successful\n"); + kfree(pneg_rsp); return 0; vneg_out: cifs_dbg(VFS, "protocol revalidation - security settings mismatch\n"); + kfree(pneg_rsp); return -EIO; } -- 2.13.5
[PATCH] SMB: fix memory leak in smb3_validate_negotiate
From: Shu Wang Found the issue by kmemleak. The pointer pneg_rsp stores the pointer kmalloced from SMB2_ioctl, and should be release before function return. unreferenced object 0x88018c2b1900 (size 32): backtrace: kmemleak_alloc+0x4a/0xa0 __kmalloc+0xec/0x220 SMB2_ioctl+0x27a/0x3c0 [cifs] smb3_validate_negotiate+0x135/0x370 [cifs] SMB2_tcon+0x308/0xae0 [cifs] cifs_put_tcp_session+0x4a5/0x900 [cifs] cifs_mount+0x6f4/0x15f0 [cifs] Signed-off-by: Shu Wang --- fs/cifs/smb2pdu.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 6f0e6343c15e..4785ed8e1589 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -727,8 +727,10 @@ int smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon *tcon) rsplen); /* relax check since Mac returns max bufsize allowed on ioctl */ - if (rsplen > CIFSMaxBufSize) + if (rsplen > CIFSMaxBufSize) { + kfree(pneg_rsp); return -EIO; + } } /* check validate negotiate info response matches what we got earlier */ @@ -747,10 +749,12 @@ int smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon *tcon) /* validate negotiate successful */ cifs_dbg(FYI, "validate negotiate info successful\n"); + kfree(pneg_rsp); return 0; vneg_out: cifs_dbg(VFS, "protocol revalidation - security settings mismatch\n"); + kfree(pneg_rsp); return -EIO; } -- 2.13.5
[PATCH] SMB fix
On 07.16, J.A. Magallon wrote: > > On 07.15, Andrew Morton wrote: > > > > ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.13-rc3/2.6.13-rc3-mm1/ > > --- linux-2.6.12/fs/smbfs/request.c~2005-07-07 14:41:11.0 -0400 +++ linux-2.6.12/fs/smbfs/request.c 2005-07-07 14:41:22.0 -0400 @@ -348,6 +348,7 @@ int smb_add_request(struct smb_request * smb_rput(req); } smb_unlock_server(server); + return -EINTR; } if (!timeleft) { -- J.A. Magallon \ Software is like sex: werewolf!able!es \ It's better when it's free Mandriva Linux release 2006.0 (Cooker) for i586 Linux 2.6.12-jam9 (gcc 4.0.1 (4.0.1-0.2mdk for Mandriva Linux release 2006.0)) - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH] SMB fix
On 07.16, J.A. Magallon wrote: On 07.15, Andrew Morton wrote: ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.13-rc3/2.6.13-rc3-mm1/ --- linux-2.6.12/fs/smbfs/request.c~2005-07-07 14:41:11.0 -0400 +++ linux-2.6.12/fs/smbfs/request.c 2005-07-07 14:41:22.0 -0400 @@ -348,6 +348,7 @@ int smb_add_request(struct smb_request * smb_rput(req); } smb_unlock_server(server); + return -EINTR; } if (!timeleft) { -- J.A. Magallon jamagallon()able!es \ Software is like sex: werewolf!able!es \ It's better when it's free Mandriva Linux release 2006.0 (Cooker) for i586 Linux 2.6.12-jam9 (gcc 4.0.1 (4.0.1-0.2mdk for Mandriva Linux release 2006.0)) - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/