lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Sun, 19 May 2019 20:20:18 -0500
From:   Steve French <smfrench@...il.com>
To:     Colin King <colin.king@...onical.com>
Cc:     Steve French <sfrench@...ba.org>,
        CIFS <linux-cifs@...r.kernel.org>,
        samba-technical <samba-technical@...ts.samba.org>,
        kernel-janitors <kernel-janitors@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case

merged into cifs-2.6.git for-next (and added cc:stable #v5.1)

On Fri, May 17, 2019 at 3:42 AM Colin King <colin.king@...onical.com> wrote:
>
> From: Colin Ian King <colin.king@...onical.com>
>
> Currently in the case where SMB2_ioctl returns the -EOPNOTSUPP error
> there is a memory leak of pneg_inbuf. Fix this by returning via
> the out_free_inbuf exit path that will perform the relevant kfree.
>
> Addresses-Coverity: ("Resource leak")
> Fixes: 969ae8e8d4ee ("cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED")
> Signed-off-by: Colin Ian King <colin.king@...onical.com>
> ---
>  fs/cifs/smb2pdu.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
> index 710ceb875161..5b8d1482ffbd 100644
> --- a/fs/cifs/smb2pdu.c
> +++ b/fs/cifs/smb2pdu.c
> @@ -1054,7 +1054,8 @@ int smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon *tcon)
>                  * not supported error. Client should accept it.
>                  */
>                 cifs_dbg(VFS, "Server does not support validate negotiate\n");
> -               return 0;
> +               rc = 0;
> +               goto out_free_inbuf;
>         } else if (rc != 0) {
>                 cifs_dbg(VFS, "validate protocol negotiate failed: %d\n", rc);
>                 rc = -EIO;
> --
> 2.20.1
>


-- 
Thanks,

Steve

Powered by blists - more mailing lists