| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220815180443.954277531@linuxfoundation.org>
Date: Mon, 15 Aug 2022 19:51:04 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org, Namjae Jeon <linkinjeon@...nel.org>,
Hyunchul Lee <hyc.lee@...il.com>,
Steve French <stfrench@...rosoft.com>,
zdi-disclosures@...ndmicro.com
Subject: [PATCH 5.19 0108/1157] ksmbd: fix memory leak in smb2_handle_negotiate
From: Namjae Jeon <linkinjeon@...nel.org>
commit aa7253c2393f6dcd6a1468b0792f6da76edad917 upstream.
The allocated memory didn't free under an error
path in smb2_handle_negotiate().
Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
Cc: stable@...r.kernel.org
Reported-by: zdi-disclosures@...ndmicro.com # ZDI-CAN-17815
Signed-off-by: Namjae Jeon <linkinjeon@...nel.org>
Reviewed-by: Hyunchul Lee <hyc.lee@...il.com>
Signed-off-by: Steve French <stfrench@...rosoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
---
fs/ksmbd/smb2pdu.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -1139,12 +1139,16 @@ int smb2_handle_negotiate(struct ksmbd_w
status);
rsp->hdr.Status = status;
rc = -EINVAL;
+ kfree(conn->preauth_info);
+ conn->preauth_info = NULL;
goto err_out;
}
rc = init_smb3_11_server(conn);
if (rc < 0) {
rsp->hdr.Status = STATUS_INVALID_PARAMETER;
+ kfree(conn->preauth_info);
+ conn->preauth_info = NULL;
goto err_out;
}
Powered by blists - more mailing lists