diff options
| author | Xin Xiong <xiongx18@fudan.edu.cn> | 2022-04-29 10:11:22 +0200 |
|---|---|---|
| committer | Steve French <stfrench@microsoft.com> | 2022-05-10 05:23:01 +0200 |
| commit | d21a580dafc69aa04f46e6099616146a536b0724 (patch) | |
| tree | 37a8d47748781bd72b83192bb3dbfc11372ec4e6 /fs | |
| parent | Linux 5.18-rc6 (diff) | |
| download | linux-d21a580dafc69aa04f46e6099616146a536b0724.tar.xz linux-d21a580dafc69aa04f46e6099616146a536b0724.zip | |
ksmbd: fix reference count leak in smb_check_perm_dacl()
The issue happens in a specific path in smb_check_perm_dacl(). When
"id" and "uid" have the same value, the function simply jumps out of
the loop without decrementing the reference count of the object
"posix_acls", which is increased by get_acl() earlier. This may
result in memory leaks.
Fix it by decreasing the reference count of "posix_acls" before
jumping to label "check_access_bits".
Fixes: 777cad1604d6 ("ksmbd: remove select FS_POSIX_ACL in Kconfig")
Signed-off-by: Xin Xiong <xiongx18@fudan.edu.cn>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/ksmbd/smbacl.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/ksmbd/smbacl.c b/fs/ksmbd/smbacl.c index 6ecf55ea1fed..38f23bf981ac 100644 --- a/fs/ksmbd/smbacl.c +++ b/fs/ksmbd/smbacl.c @@ -1261,6 +1261,7 @@ int smb_check_perm_dacl(struct ksmbd_conn *conn, struct path *path, if (!access_bits) access_bits = SET_MINIMUM_RIGHTS; + posix_acl_release(posix_acls); goto check_access_bits; } } |