diff options
author | Namjae Jeon <linkinjeon@kernel.org> | 2022-07-28 14:56:19 +0200 |
---|---|---|
committer | Steve French <stfrench@microsoft.com> | 2022-08-01 06:14:32 +0200 |
commit | aa7253c2393f6dcd6a1468b0792f6da76edad917 (patch) | |
tree | a8c512f947f4682474586b86ac907fd2d6903393 /fs/ksmbd | |
parent | ksmbd: fix racy issue while destroying session on multichannel (diff) | |
download | linux-aa7253c2393f6dcd6a1468b0792f6da76edad917.tar.xz linux-aa7253c2393f6dcd6a1468b0792f6da76edad917.zip |
ksmbd: fix memory leak in smb2_handle_negotiate
The allocated memory didn't free under an error
path in smb2_handle_negotiate().
Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-17815
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Reviewed-by: Hyunchul Lee <hyc.lee@gmail.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to 'fs/ksmbd')
-rw-r--r-- | fs/ksmbd/smb2pdu.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 246ce4cd8469..c545c41b0364 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -1142,12 +1142,16 @@ int smb2_handle_negotiate(struct ksmbd_work *work) status); rsp->hdr.Status = status; rc = -EINVAL; + kfree(conn->preauth_info); + conn->preauth_info = NULL; goto err_out; } rc = init_smb3_11_server(conn); if (rc < 0) { rsp->hdr.Status = STATUS_INVALID_PARAMETER; + kfree(conn->preauth_info); + conn->preauth_info = NULL; goto err_out; } |