lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAH2r5mvu7e2ec6fb0Aay5OAr8S31jy=j7_7sL_VRfi6U2G_mZA@mail.gmail.com>
Date:   Mon, 18 Jun 2018 12:18:25 -0500
From:   Steve French <smfrench@...il.com>
To:     "Gustavo A. R. Silva" <gustavo@...eddedor.com>
Cc:     Steve French <sfrench@...ba.org>,
        CIFS <linux-cifs@...r.kernel.org>,
        samba-technical <samba-technical@...ts.samba.org>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [smb3] unreachable code and memory leaks

Gustavo,
Thx for pointing this out.  Let me know if this patch addresses what
you found.  Code is experimental mount option but extremely important
to get right due to move away from SMB1/CIFS which had posix
extensions.



On Mon, Jun 18, 2018 at 11:55 AM, Steve French <smfrench@...il.com> wrote:
> On Mon, Jun 18, 2018 at 8:07 AM, Gustavo A. R. Silva
> <gustavo@...eddedor.com> wrote:
>> Hi Steve,
>>
>> While doing some static analysis I came across the following piece of code at fs/cifs/smb2pdu.c:2017:
>>
>> 2017                if (n_iov > 2) {
>> 2018                        struct create_context *ccontext =
>> 2019                            (struct create_context *)iov[n_iov-1].iov_base;
>> 2020                        ccontext->Next =
>> 2021                                cpu_to_le32(iov[n_iov-1].iov_len);
>> 2022                }
>
> Good catch - this is harmless (and experimental mount option) - cut
> and paste - unneeded clause.
> Fixing now
>
>
>> Also, it seems there are multiple places in which memory allocated for *path* is leaking:
>>
>> 1946        else
>> 1947                return -EIO;
>>
>> 1951        if (rc)
>> 1952                return rc;
>>
>> 1987                if (rc) {
>> 1988                        cifs_small_buf_release(req);
>> 1989                        return rc;
>> 1990                }
>
> Cleaning that up now. Will post a patch - thx.
>
>
> --
> Thanks,
>
> Steve



-- 
Thanks,

Steve

View attachment "0001-smb3-fix-memory-leak-in-smb311_posix_mkdir.patch" of type "text/x-patch" (2329 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ