| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Jun 2018 12:18:25 -0500
From: Steve French <smfrench@...il.com>
To: "Gustavo A. R. Silva" <gustavo@...eddedor.com>
Cc: Steve French <sfrench@...ba.org>,
CIFS <linux-cifs@...r.kernel.org>,
samba-technical <samba-technical@...ts.samba.org>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [smb3] unreachable code and memory leaks
Gustavo,
Thx for pointing this out. Let me know if this patch addresses what
you found. Code is experimental mount option but extremely important
to get right due to move away from SMB1/CIFS which had posix
extensions.
On Mon, Jun 18, 2018 at 11:55 AM, Steve French <smfrench@...il.com> wrote:
> On Mon, Jun 18, 2018 at 8:07 AM, Gustavo A. R. Silva
> <gustavo@...eddedor.com> wrote:
>> Hi Steve,
>>
>> While doing some static analysis I came across the following piece of code at fs/cifs/smb2pdu.c:2017:
>>
>> 2017 if (n_iov > 2) {
>> 2018 struct create_context *ccontext =
>> 2019 (struct create_context *)iov[n_iov-1].iov_base;
>> 2020 ccontext->Next =
>> 2021 cpu_to_le32(iov[n_iov-1].iov_len);
>> 2022 }
>
> Good catch - this is harmless (and experimental mount option) - cut
> and paste - unneeded clause.
> Fixing now
>
>
>> Also, it seems there are multiple places in which memory allocated for *path* is leaking:
>>
>> 1946 else
>> 1947 return -EIO;
>>
>> 1951 if (rc)
>> 1952 return rc;
>>
>> 1987 if (rc) {
>> 1988 cifs_small_buf_release(req);
>> 1989 return rc;
>> 1990 }
>
> Cleaning that up now. Will post a patch - thx.
>
>
> --
> Thanks,
>
> Steve
--
Thanks,
Steve
View attachment "0001-smb3-fix-memory-leak-in-smb311_posix_mkdir.patch" of type "text/x-patch" (2329 bytes)
Powered by blists - more mailing lists