diff options
author | David Disseldorp <ddiss@suse.de> | 2017-05-03 17:39:09 +0200 |
---|---|---|
committer | Steve French <smfrench@gmail.com> | 2017-05-03 09:54:12 -0500 |
commit | 0e5c795592930d51fd30d53a2e7b73cba022a29b (patch) | |
tree | 6921ebd2ac89689da36f02e119fad820cb7af9b8 | |
parent | 26c9cb668c7fbf9830516b75d8bee70b699ed449 (diff) | |
download | linux-0e5c795592930d51fd30d53a2e7b73cba022a29b.tar.gz linux-0e5c795592930d51fd30d53a2e7b73cba022a29b.tar.bz2 linux-0e5c795592930d51fd30d53a2e7b73cba022a29b.zip |
cifs: fix leak in FSCTL_ENUM_SNAPS response handling
The server may respond with success, and an output buffer less than
sizeof(struct smb_snapshot_array) in length. Do not leak the output
buffer in this case.
Fixes: 834170c85978 ("Enable previous version support")
Signed-off-by: David Disseldorp <ddiss@suse.de>
CC: Stable <stable@vger.kernel.org>
Signed-off-by: Steve French <smfrench@gmail.com>
-rw-r--r-- | fs/cifs/smb2ops.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index 152e37f2ad92..c58691834eb2 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -942,6 +942,7 @@ smb3_enum_snapshots(const unsigned int xid, struct cifs_tcon *tcon, } if (snapshot_in.snapshot_array_size < sizeof(struct smb_snapshot_array)) { rc = -ERANGE; + kfree(retbuf); return rc; } |