summaryrefslogtreecommitdiffstats
path: root/fs/ksmbd
diff options
context:
space:
mode:
authorNamjae Jeon <linkinjeon@kernel.org>2022-07-28 14:56:19 +0200
committerSteve French <stfrench@microsoft.com>2022-08-01 06:14:32 +0200
commitaa7253c2393f6dcd6a1468b0792f6da76edad917 (patch)
treea8c512f947f4682474586b86ac907fd2d6903393 /fs/ksmbd
parentksmbd: fix racy issue while destroying session on multichannel (diff)
downloadlinux-aa7253c2393f6dcd6a1468b0792f6da76edad917.tar.xz
linux-aa7253c2393f6dcd6a1468b0792f6da76edad917.zip
ksmbd: fix memory leak in smb2_handle_negotiate
The allocated memory didn't free under an error path in smb2_handle_negotiate(). Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3") Cc: stable@vger.kernel.org Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-17815 Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Reviewed-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to 'fs/ksmbd')
-rw-r--r--fs/ksmbd/smb2pdu.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
index 246ce4cd8469..c545c41b0364 100644
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -1142,12 +1142,16 @@ int smb2_handle_negotiate(struct ksmbd_work *work)
status);
rsp->hdr.Status = status;
rc = -EINVAL;
+ kfree(conn->preauth_info);
+ conn->preauth_info = NULL;
goto err_out;
}
rc = init_smb3_11_server(conn);
if (rc < 0) {
rsp->hdr.Status = STATUS_INVALID_PARAMETER;
+ kfree(conn->preauth_info);
+ conn->preauth_info = NULL;
goto err_out;
}