diff mbox series

ksmbd: fix memleak in get_file_stream_info()

Message ID 20211124014511.12510-1-linkinjeon@kernel.org (mailing list archive)
State New, archived
Headers show
Series ksmbd: fix memleak in get_file_stream_info() | expand

Commit Message

Namjae Jeon Nov. 24, 2021, 1:45 a.m. UTC
Fix memleak in get_file_stream_info()

Fixes: 34061d6b76a4 ("ksmbd: validate OutputBufferLength of QUERY_DIR, QUERY_INFO, IOCTL requests")
Cc: stable@vger.kernel.org # v5.15
Reported-by: Coverity Scan <scan-admin@coverity.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
---
 fs/ksmbd/smb2pdu.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

Hyunchul Lee Nov. 24, 2021, 5:04 a.m. UTC | #1
2021년 11월 24일 (수) 오후 1:46, Namjae Jeon <linkinjeon@kernel.org>님이 작성:
>
> Fix memleak in get_file_stream_info()
>
> Fixes: 34061d6b76a4 ("ksmbd: validate OutputBufferLength of QUERY_DIR, QUERY_INFO, IOCTL requests")
> Cc: stable@vger.kernel.org # v5.15
> Reported-by: Coverity Scan <scan-admin@coverity.com>
> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
> ---

Acked-by: Hyunchul Lee <hyc.lee@gmail.com>

>  fs/ksmbd/smb2pdu.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
> index 2067d5bab1b0..c70972b49da8 100644
> --- a/fs/ksmbd/smb2pdu.c
> +++ b/fs/ksmbd/smb2pdu.c
> @@ -4496,8 +4496,10 @@ static void get_file_stream_info(struct ksmbd_work *work,
>                                      ":%s", &stream_name[XATTR_NAME_STREAM_LEN]);
>
>                 next = sizeof(struct smb2_file_stream_info) + streamlen * 2;
> -               if (next > buf_free_len)
> +               if (next > buf_free_len) {
> +                       kfree(stream_buf);
>                         break;
> +               }
>
>                 file_info = (struct smb2_file_stream_info *)&rsp->Buffer[nbytes];
>                 streamlen  = smbConvertToUTF16((__le16 *)file_info->StreamName,
> --
> 2.25.1
>
diff mbox series

Patch

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
index 2067d5bab1b0..c70972b49da8 100644
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -4496,8 +4496,10 @@  static void get_file_stream_info(struct ksmbd_work *work,
 				     ":%s", &stream_name[XATTR_NAME_STREAM_LEN]);
 
 		next = sizeof(struct smb2_file_stream_info) + streamlen * 2;
-		if (next > buf_free_len)
+		if (next > buf_free_len) {
+			kfree(stream_buf);
 			break;
+		}
 
 		file_info = (struct smb2_file_stream_info *)&rsp->Buffer[nbytes];
 		streamlen  = smbConvertToUTF16((__le16 *)file_info->StreamName,