diff options
author | Pavel Shilovsky <piastry@etersoft.ru> | 2012-09-19 14:03:26 +0200 |
---|---|---|
committer | Steve French <smfrench@gmail.com> | 2012-09-25 04:46:34 +0200 |
commit | e5d04887196ee30423c79e52043d418e04012954 (patch) | |
tree | c251c3827b3def8c95d9e5b700c8de9ae42c2b12 /fs/cifs/smb2pdu.c | |
parent | CIFS: Fix endian conversion of IndexNumber (diff) | |
download | linux-e5d04887196ee30423c79e52043d418e04012954.tar.xz linux-e5d04887196ee30423c79e52043d418e04012954.zip |
CIFS: Fix possible memory leaks in SMB2 code
and add missed increments of failed async read and write requests.
Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru>
Signed-off-by: Steve French <smfrench@gmail.com>
Diffstat (limited to 'fs/cifs/smb2pdu.c')
-rw-r--r-- | fs/cifs/smb2pdu.c | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 1572abefb378..a7db95f4760c 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -1218,13 +1218,13 @@ query_info(const unsigned int xid, struct cifs_tcon *tcon, iov[0].iov_len = get_rfc1002_length(req) + 4; rc = SendReceive2(xid, ses, iov, 1, &resp_buftype, 0); + rsp = (struct smb2_query_info_rsp *)iov[0].iov_base; + if (rc) { cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE); goto qinf_exit; } - rsp = (struct smb2_query_info_rsp *)iov[0].iov_base; - rc = validate_and_copy_buf(le16_to_cpu(rsp->OutputBufferOffset), le32_to_cpu(rsp->OutputBufferLength), &rsp->hdr, min_len, data); @@ -1485,8 +1485,10 @@ smb2_async_readv(struct cifs_readdata *rdata) rc = cifs_call_async(io_parms.tcon->ses->server, &rqst, cifs_readv_receive, smb2_readv_callback, rdata, 0); - if (rc) + if (rc) { kref_put(&rdata->refcount, cifs_readdata_release); + cifs_stats_fail_inc(io_parms.tcon, SMB2_READ_HE); + } cifs_small_buf_release(buf); return rc; @@ -1643,8 +1645,10 @@ smb2_async_writev(struct cifs_writedata *wdata) rc = cifs_call_async(tcon->ses->server, &rqst, NULL, smb2_writev_callback, wdata, 0); - if (rc) + if (rc) { kref_put(&wdata->refcount, cifs_writedata_release); + cifs_stats_fail_inc(tcon, SMB2_WRITE_HE); + } async_writev_out: cifs_small_buf_release(req); @@ -1700,15 +1704,15 @@ SMB2_write(const unsigned int xid, struct cifs_io_parms *io_parms, rc = SendReceive2(xid, io_parms->tcon->ses, iov, n_vec + 1, &resp_buftype, 0); + rsp = (struct smb2_write_rsp *)iov[0].iov_base; if (rc) { cifs_stats_fail_inc(io_parms->tcon, SMB2_WRITE_HE); cERROR(1, "Send error in write = %d", rc); - } else { - rsp = (struct smb2_write_rsp *)iov[0].iov_base; + } else *nbytes = le32_to_cpu(rsp->DataLength); - free_rsp_buf(resp_buftype, rsp); - } + + free_rsp_buf(resp_buftype, rsp); return rc; } @@ -1828,11 +1832,12 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon, inc_rfc1001_len(req, len - 1 /* Buffer */); rc = SendReceive2(xid, ses, iov, 2, &resp_buftype, 0); + rsp = (struct smb2_query_directory_rsp *)iov[0].iov_base; + if (rc) { cifs_stats_fail_inc(tcon, SMB2_QUERY_DIRECTORY_HE); goto qdir_exit; } - rsp = (struct smb2_query_directory_rsp *)iov[0].iov_base; rc = validate_buf(le16_to_cpu(rsp->OutputBufferOffset), le32_to_cpu(rsp->OutputBufferLength), &rsp->hdr, |