subject:"\[PATCH\] SMB fix"

[PATCH] SMB: fix memory leak in smb3_validate_negotiate

2017-10-20 Thread shuwang

From: Shu Wang 

Found the issue by kmemleak. The pointer pneg_rsp stores the
pointer kmalloced from SMB2_ioctl, and should be release
before function return.

unreferenced object 0x88018c2b1900 (size 32):
  backtrace:
kmemleak_alloc+0x4a/0xa0
__kmalloc+0xec/0x220
SMB2_ioctl+0x27a/0x3c0 [cifs]
smb3_validate_negotiate+0x135/0x370 [cifs]
SMB2_tcon+0x308/0xae0 [cifs]
cifs_put_tcp_session+0x4a5/0x900 [cifs]
cifs_mount+0x6f4/0x15f0 [cifs]

Signed-off-by: Shu Wang 
---
 fs/cifs/smb2pdu.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 6f0e6343c15e..4785ed8e1589 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -727,8 +727,10 @@ int smb3_validate_negotiate(const unsigned int xid, struct 
cifs_tcon *tcon)
 rsplen);
 
/* relax check since Mac returns max bufsize allowed on ioctl */
-   if (rsplen > CIFSMaxBufSize)
+   if (rsplen > CIFSMaxBufSize) {
+   kfree(pneg_rsp);
return -EIO;
+   }
}
 
/* check validate negotiate info response matches what we got earlier */
@@ -747,10 +749,12 @@ int smb3_validate_negotiate(const unsigned int xid, 
struct cifs_tcon *tcon)
 
/* validate negotiate successful */
cifs_dbg(FYI, "validate negotiate info successful\n");
+   kfree(pneg_rsp);
return 0;
 
 vneg_out:
cifs_dbg(VFS, "protocol revalidation - security settings mismatch\n");
+   kfree(pneg_rsp);
return -EIO;
 }
 
-- 
2.13.5

[PATCH] SMB: fix memory leak in smb3_validate_negotiate

2017-10-20 Thread shuwang

From: Shu Wang 

Found the issue by kmemleak. The pointer pneg_rsp stores the
pointer kmalloced from SMB2_ioctl, and should be release
before function return.

unreferenced object 0x88018c2b1900 (size 32):
  backtrace:
kmemleak_alloc+0x4a/0xa0
__kmalloc+0xec/0x220
SMB2_ioctl+0x27a/0x3c0 [cifs]
smb3_validate_negotiate+0x135/0x370 [cifs]
SMB2_tcon+0x308/0xae0 [cifs]
cifs_put_tcp_session+0x4a5/0x900 [cifs]
cifs_mount+0x6f4/0x15f0 [cifs]

Signed-off-by: Shu Wang 
---
 fs/cifs/smb2pdu.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 6f0e6343c15e..4785ed8e1589 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -727,8 +727,10 @@ int smb3_validate_negotiate(const unsigned int xid, struct 
cifs_tcon *tcon)
 rsplen);
 
/* relax check since Mac returns max bufsize allowed on ioctl */
-   if (rsplen > CIFSMaxBufSize)
+   if (rsplen > CIFSMaxBufSize) {
+   kfree(pneg_rsp);
return -EIO;
+   }
}
 
/* check validate negotiate info response matches what we got earlier */
@@ -747,10 +749,12 @@ int smb3_validate_negotiate(const unsigned int xid, 
struct cifs_tcon *tcon)
 
/* validate negotiate successful */
cifs_dbg(FYI, "validate negotiate info successful\n");
+   kfree(pneg_rsp);
return 0;
 
 vneg_out:
cifs_dbg(VFS, "protocol revalidation - security settings mismatch\n");
+   kfree(pneg_rsp);
return -EIO;
 }
 
-- 
2.13.5

[PATCH] SMB fix

2005-07-15 Thread J.A. Magallon


On 07.16, J.A. Magallon wrote:
> 
> On 07.15, Andrew Morton wrote:
> > 
> > ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.13-rc3/2.6.13-rc3-mm1/
> > 

--- linux-2.6.12/fs/smbfs/request.c~2005-07-07 14:41:11.0 -0400
+++ linux-2.6.12/fs/smbfs/request.c 2005-07-07 14:41:22.0 -0400
@@ -348,6 +348,7 @@ int smb_add_request(struct smb_request *
smb_rput(req);
}
smb_unlock_server(server);
+   return -EINTR;
}
 
if (!timeleft) {


--
J.A. Magallon  \   Software is like sex:
werewolf!able!es \ It's better when it's free
Mandriva Linux release 2006.0 (Cooker) for i586
Linux 2.6.12-jam9 (gcc 4.0.1 (4.0.1-0.2mdk for Mandriva Linux release 2006.0))


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[PATCH] SMB fix

2005-07-15 Thread J.A. Magallon


On 07.16, J.A. Magallon wrote:
 
 On 07.15, Andrew Morton wrote:
  
  ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.13-rc3/2.6.13-rc3-mm1/
  

--- linux-2.6.12/fs/smbfs/request.c~2005-07-07 14:41:11.0 -0400
+++ linux-2.6.12/fs/smbfs/request.c 2005-07-07 14:41:22.0 -0400
@@ -348,6 +348,7 @@ int smb_add_request(struct smb_request *
smb_rput(req);
}
smb_unlock_server(server);
+   return -EINTR;
}
 
if (!timeleft) {


--
J.A. Magallon jamagallon()able!es \   Software is like sex:
werewolf!able!es \ It's better when it's free
Mandriva Linux release 2006.0 (Cooker) for i586
Linux 2.6.12-jam9 (gcc 4.0.1 (4.0.1-0.2mdk for Mandriva Linux release 2006.0))


-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[PATCH] SMB: fix memory leak in smb3_validate_negotiate

[PATCH] SMB: fix memory leak in smb3_validate_negotiate

[PATCH] SMB fix

[PATCH] SMB fix

4 matches

Site Navigation

Mail list logo

Footer information