From patchwork Sat Sep 30 06:05:29 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
X-Patchwork-Id: 820181
Return-Path: <linux-cifs-owner@vger.kernel.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=linux-cifs-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 3y3ygV0pj8z9t60
	for <incoming@patchwork.ozlabs.org>;
	Sat, 30 Sep 2017 16:09:26 +1000 (AEST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751099AbdI3GJZ (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);
	Sat, 30 Sep 2017 02:09:25 -0400
Received: from smtp07.smtpout.orange.fr ([80.12.242.129]:53575 "EHLO
	smtp.smtpout.orange.fr" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750933AbdI3GJY (ORCPT
	<rfc822; linux-cifs@vger.kernel.org>); Sat, 30 Sep 2017 02:09:24 -0400
Received: from localhost.localdomain ([86.196.182.67]) by mwinf5d83 with ME
	id Fi9N1w0071TfVo603i9Nj0; Sat, 30 Sep 2017 08:09:22 +0200
X-ME-Helo: localhost.localdomain
X-ME-Auth: Y2hyaXN0b3BoZS5qYWlsbGV0QHdhbmFkb28uZnI=
X-ME-Date: Sat, 30 Sep 2017 08:09:22 +0200
X-ME-IP: 86.196.182.67
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
To: sfrench@samba.org
Cc: linux-cifs@vger.kernel.org, samba-technical@lists.samba.org,
	linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org,
	Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Subject: [PATCH] SMB3: Fix resource leak if an unexpected dialect is returned
Date: Sat, 30 Sep 2017 08:05:29 +0200
Message-Id: <20170930060529.8445-1-christophe.jaillet@wanadoo.fr>
X-Mailer: git-send-email 2.11.0
Sender: linux-cifs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-cifs.vger.kernel.org>
X-Mailing-List: linux-cifs@vger.kernel.org

If we receive an unexpected dialect, we must free some resources before
returning.

Branch to the existing error hangling path to fix it.

Fixes: 9764c02fcbad ("SMB3: Add support for multidialect negotiate (SMB2.1 and later)")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
---
 fs/cifs/smb2pdu.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 6f0e6343c15e..29025398d7d2 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -554,18 +554,21 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses)
 		if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID)) {
 			cifs_dbg(VFS,
 				"SMB2 dialect returned but not requested\n");
-			return -EIO;
+			rc = -EIO;
+			goto neg_exit;
 		} else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) {
 			cifs_dbg(VFS,
 				"SMB2.1 dialect returned but not requested\n");
-			return -EIO;
+			rc = -EIO;
+			goto neg_exit;
 		}
 	} else if (strcmp(ses->server->vals->version_string,
 		   SMBDEFAULT_VERSION_STRING) == 0) {
 		if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID)) {
 			cifs_dbg(VFS,
 				"SMB2 dialect returned but not requested\n");
-			return -EIO;
+			rc = -EIO;
+			goto neg_exit;
 		} else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) {
 			/* ops set to 3.0 by default for default so update */
 			ses->server->ops = &smb21_operations;
@@ -575,7 +578,8 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses)
 		/* if requested single dialect ensure returned dialect matched */
 		cifs_dbg(VFS, "Illegal 0x%x dialect returned: not requested\n",
 			le16_to_cpu(rsp->DialectRevision));
-		return -EIO;
+		rc = -EIO;
+		goto neg_exit;
 	}
 
 	cifs_dbg(FYI, "mode 0x%x\n", rsp->SecurityMode);