| Message ID | 20240109141445.6808-1-pchelkin@ispras.ru (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [v2] ksmbd: free ppace array on error in parse_dacl | expand |
2024-01-09 23:14 GMT+09:00, Fedor Pchelkin <pchelkin@ispras.ru>: > The ppace array is not freed if one of the init_acl_state() calls inside > parse_dacl() fails. At the moment the function may fail only due to the > memory allocation errors so it's highly unlikely in this case but > nevertheless a fix is needed. > > Move ppace allocation after the init_acl_state() calls with proper error > handling. > > Found by Linux Verification Center (linuxtesting.org). > > Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3") > Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Applied it to #ksmbd-for-next-next. Thanks for your patch!
diff --git a/fs/smb/server/smbacl.c b/fs/smb/server/smbacl.c index 1164365533f0..1c9775f1efa5 100644 --- a/fs/smb/server/smbacl.c +++ b/fs/smb/server/smbacl.c @@ -401,10 +401,6 @@ static void parse_dacl(struct mnt_idmap *idmap, if (num_aces > ULONG_MAX / sizeof(struct smb_ace *)) return; - ppace = kmalloc_array(num_aces, sizeof(struct smb_ace *), GFP_KERNEL); - if (!ppace) - return; - ret = init_acl_state(&acl_state, num_aces); if (ret) return; @@ -414,6 +410,13 @@ static void parse_dacl(struct mnt_idmap *idmap, return; } + ppace = kmalloc_array(num_aces, sizeof(struct smb_ace *), GFP_KERNEL); + if (!ppace) { + free_acl_state(&default_acl_state); + free_acl_state(&acl_state); + return; + } + /* * reset rwx permissions for user/group/other. * Also, if num_aces is 0 i.e. DACL has no ACEs,
The ppace array is not freed if one of the init_acl_state() calls inside parse_dacl() fails. At the moment the function may fail only due to the memory allocation errors so it's highly unlikely in this case but nevertheless a fix is needed. Move ppace allocation after the init_acl_state() calls with proper error handling. Found by Linux Verification Center (linuxtesting.org). Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3") Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru> --- v2: refine the patch with moving ppace allocation into another place per Namjae's suggestion; update the commit description accordingly. fs/smb/server/smbacl.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-)