[10/14] cifs: fix memory leak in SMB2_open()

Message ID 20180213044234.18364-11-lsahlber@redhat.com
State New
Headers show
Series
  • cifs: add compounding support for smb2+
Related show

Commit Message

Ronnie Sahlberg Feb. 13, 2018, 4:42 a.m.
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
---
 fs/cifs/smb2pdu.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

Comments

Steve French Feb. 13, 2018, 10:10 p.m. | #1
merged into cifs-2.6.git for-next and added cc:stable

On Mon, Feb 12, 2018 at 10:42 PM, Ronnie Sahlberg <lsahlber@redhat.com> wrote:
> Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
> ---
>  fs/cifs/smb2pdu.c | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
> index ac6b1d8d0c88..511c441c6b4f 100644
> --- a/fs/cifs/smb2pdu.c
> +++ b/fs/cifs/smb2pdu.c
> @@ -1773,8 +1773,10 @@ SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path,
>                 rc = alloc_path_with_tree_prefix(&copy_path, &copy_size,
>                                                  &name_len,
>                                                  tcon->treeName, path);
> -               if (rc)
> +               if (rc) {
> +                       cifs_small_buf_release(req);
>                         return rc;
> +               }
>                 req->NameLength = cpu_to_le16(name_len * 2);
>                 uni_path_len = copy_size;
>                 path = copy_path;
> @@ -1785,8 +1787,10 @@ SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path,
>                 if (uni_path_len % 8 != 0) {
>                         copy_size = roundup(uni_path_len, 8);
>                         copy_path = kzalloc(copy_size, GFP_KERNEL);
> -                       if (!copy_path)
> +                       if (!copy_path) {
> +                               cifs_small_buf_release(req);
>                                 return -ENOMEM;
> +                       }
>                         memcpy((char *)copy_path, (const char *)path,
>                                uni_path_len);
>                         uni_path_len = copy_size;
> --
> 2.13.3
>

Patch

diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index ac6b1d8d0c88..511c441c6b4f 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -1773,8 +1773,10 @@  SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path,
 		rc = alloc_path_with_tree_prefix(&copy_path, &copy_size,
 						 &name_len,
 						 tcon->treeName, path);
-		if (rc)
+		if (rc) {
+			cifs_small_buf_release(req);
 			return rc;
+		}
 		req->NameLength = cpu_to_le16(name_len * 2);
 		uni_path_len = copy_size;
 		path = copy_path;
@@ -1785,8 +1787,10 @@  SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path,
 		if (uni_path_len % 8 != 0) {
 			copy_size = roundup(uni_path_len, 8);
 			copy_path = kzalloc(copy_size, GFP_KERNEL);
-			if (!copy_path)
+			if (!copy_path) {
+				cifs_small_buf_release(req);
 				return -ENOMEM;
+			}
 			memcpy((char *)copy_path, (const char *)path,
 			       uni_path_len);
 			uni_path_len = copy_size;