summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Disseldorp <ddiss@suse.de>2017-05-03 17:39:09 +0200
committerSteve French <smfrench@gmail.com>2017-05-03 09:54:12 -0500
commit0e5c795592930d51fd30d53a2e7b73cba022a29b (patch)
tree6921ebd2ac89689da36f02e119fad820cb7af9b8
parent26c9cb668c7fbf9830516b75d8bee70b699ed449 (diff)
downloadlinux-0e5c795592930d51fd30d53a2e7b73cba022a29b.tar.gz
linux-0e5c795592930d51fd30d53a2e7b73cba022a29b.tar.bz2
linux-0e5c795592930d51fd30d53a2e7b73cba022a29b.zip
cifs: fix leak in FSCTL_ENUM_SNAPS response handling
The server may respond with success, and an output buffer less than sizeof(struct smb_snapshot_array) in length. Do not leak the output buffer in this case. Fixes: 834170c85978 ("Enable previous version support") Signed-off-by: David Disseldorp <ddiss@suse.de> CC: Stable <stable@vger.kernel.org> Signed-off-by: Steve French <smfrench@gmail.com>
-rw-r--r--fs/cifs/smb2ops.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
index 152e37f2ad92..c58691834eb2 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -942,6 +942,7 @@ smb3_enum_snapshots(const unsigned int xid, struct cifs_tcon *tcon,
}
if (snapshot_in.snapshot_array_size < sizeof(struct smb_snapshot_array)) {
rc = -ERANGE;
+ kfree(retbuf);
return rc;
}