shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-05 02:21:52 +09:00
Code Issues Packages Projects Releases Wiki Activity

smb: client: fix memory leak during error handling for POSIX mkdir

Browse Source 
commit 1fe4a44b7fa3955bcb7b4067c07b778fe90d8ee7 upstream.

The response buffer for the CREATE request handled by smb311_posix_mkdir()
is leaked on the error path (goto err_free_rsp_buf) because the structure
pointer *rsp passed to free_rsp_buf() is not assigned until *after* the
error condition is checked.

As *rsp is initialised to NULL, free_rsp_buf() becomes a no-op and the leak
is instead reported by __kmem_cache_shutdown() upon subsequent rmmod of
cifs.ko if (and only if) the error path has been hit.

Pass rsp_iov.iov_base to free_rsp_buf() instead, similar to the code in
other functions in smb2pdu.c for which *rsp is assigned late.

Cc: stable@vger.kernel.org
Signed-off-by: Jethro Donaldson <devel@jro.nz>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Jethro Donaldson
2025-05-15 01:23:23 +12:00
committed by Greg Kroah-Hartman
parent d5b4310993
commit e424894340
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
fs/smb/client/smb2pdu.c
View File

@@ -2826,7 +2826,7 @@ int smb311_posix_mkdir(const unsigned int xid, struct inode *inode,
/* Eventually save off posix specific response info and timestaps */ /* Eventually save off posix specific response info and timestaps */
err_free_rsp_buf: err_free_rsp_buf:
free_rsp_buf(resp_buftype, rsp); free_rsp_buf(resp_buftype, rsp_iov.iov_base);
kfree(pc_buf); kfree(pc_buf);
err_free_req: err_free_req:
cifs_small_buf_release(req); cifs_small_buf_release(req);