ksmbd: fix memory leak in smb2_handle_negotiate

The allocated memory didn't free under an error
path in smb2_handle_negotiate().

Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-17815
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Reviewed-by: Hyunchul Lee <hyc.lee@gmail.com>
Signed-off-by: Steve French <stfrench@microsoft.com>

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
index 246ce4c..c545c41 100644 (file)
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -1142,12 +1142,16 @@ int smb2_handle_negotiate(struct ksmbd_work *work)
                               status);
                        rsp->hdr.Status = status;
                        rc = -EINVAL;
+                       kfree(conn->preauth_info);
+                       conn->preauth_info = NULL;
                        goto err_out;
                }
 
                rc = init_smb3_11_server(conn);
                if (rc < 0) {
                        rsp->hdr.Status = STATUS_INVALID_PARAMETER;
+                       kfree(conn->preauth_info);
+                       conn->preauth_info = NULL;
                        goto err_out;
                }