[PATCH 4.11 072/114] cifs: fix leak in FSCTL_ENUM_SNAPS response handling

From: Greg Kroah-Hartman
Date: Thu May 18 2017 - 06:52:54 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.11 082/114] dax: prevent invalidation of mapped DAX entries"
Previous message: Greg Kroah-Hartman: "[PATCH 4.11 073/114] cifs: fix CIFS_ENUMERATE_SNAPSHOTS oops"
In reply to: Greg Kroah-Hartman: "[PATCH 4.11 073/114] cifs: fix CIFS_ENUMERATE_SNAPSHOTS oops"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.11 082/114] dax: prevent invalidation of mapped DAX entries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

4.11-stable review patch. If anyone has any objections, please let me know.

------------------

From: David Disseldorp <ddiss@xxxxxxx>

commit 0e5c795592930d51fd30d53a2e7b73cba022a29b upstream.

The server may respond with success, and an output buffer less than
sizeof(struct smb_snapshot_array) in length. Do not leak the output
buffer in this case.

Fixes: 834170c85978 ("Enable previous version support")
Signed-off-by: David Disseldorp <ddiss@xxxxxxx>
Signed-off-by: Steve French <smfrench@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
fs/cifs/smb2ops.c | 1 +
1 file changed, 1 insertion(+)

--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -942,6 +942,7 @@ smb3_enum_snapshots(const unsigned int x
}
if (snapshot_in.snapshot_array_size < sizeof(struct smb_snapshot_array)) {
rc = -ERANGE;
+ kfree(retbuf);
return rc;
}

Next message: Greg Kroah-Hartman: "[PATCH 4.11 082/114] dax: prevent invalidation of mapped DAX entries"
Previous message: Greg Kroah-Hartman: "[PATCH 4.11 073/114] cifs: fix CIFS_ENUMERATE_SNAPSHOTS oops"
In reply to: Greg Kroah-Hartman: "[PATCH 4.11 073/114] cifs: fix CIFS_ENUMERATE_SNAPSHOTS oops"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.11 082/114] dax: prevent invalidation of mapped DAX entries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]