| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20231201145048.2179969-1-wozizhi@huawei.com>
Date: Fri, 1 Dec 2023 22:50:48 +0800
From: Zizhi Wo <wozizhi@...wei.com>
To: <linkinjeon@...nel.org>, <sfrench@...ba.org>,
<senozhatsky@...omium.org>, <lsahlber@...hat.com>,
<hyc.lee@...il.com>
CC: <linux-cifs@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
<wozizhi@...wei.com>, <yangerkun@...wei.com>
Subject: [PATCH -next] ksmbd: fix memory leak in smb2_lock()
In smb2_lock(), if setup_async_work() executes successfully,
work->cancel_argv will bind the argv that generated by kmalloc(). And
release_async_work() is called in ksmbd_conn_try_dequeue_request() or
smb2_lock() to release argv.
However, when setup_async_work function fails, work->cancel_argv has not
been bound to the argv, resulting in the previously allocated argv not
being released. Call kfree() to fix it.
when setup_async_work fails, the code will go to the
"out" branch, resulting in the previously allocated "argv" not being
released. Call kfree() to fix it.
Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
Signed-off-by: Zizhi Wo <wozizhi@...wei.com>
---
fs/smb/server/smb2pdu.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c
index 658209839729..67cbeb713f70 100644
--- a/fs/smb/server/smb2pdu.c
+++ b/fs/smb/server/smb2pdu.c
@@ -7078,6 +7078,7 @@ int smb2_lock(struct ksmbd_work *work)
smb2_remove_blocked_lock,
argv);
if (rc) {
+ kfree(argv);
err = -ENOMEM;
goto out;
}
--
2.39.2
Powered by blists - more mailing lists