ksmbd: fix memory leak in smb2_handle_negotiate
author Namjae Jeon <linkinjeon@kernel.org>
Thu, 28 Jul 2022 12:56:19 +0000 (21:56 +0900)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 17 Aug 2022 12:22:56 +0000 (14:22 +0200)
commit aa7253c2393f6dcd6a1468b0792f6da76edad917 upstream.

The allocated memory didn't free under an error
path in smb2_handle_negotiate().

Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-17815
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Reviewed-by: Hyunchul Lee <hyc.lee@gmail.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/ksmbd/smb2pdu.c

index 876afde0ea6609bd870f61eb763e0741f54e9a0f..4f92382530ab21405fc004ebe38bb5b77af6897c 100644 (file)
@@ -1146,12 +1146,16 @@ int smb2_handle_negotiate(struct ksmbd_work *work)
                               status);
                        rsp->hdr.Status = status;
                        rc = -EINVAL;
+                       kfree(conn->preauth_info);
+                       conn->preauth_info = NULL;
                        goto err_out;
                }
 
                rc = init_smb3_11_server(conn);
                if (rc < 0) {
                        rsp->hdr.Status = STATUS_INVALID_PARAMETER;
+                       kfree(conn->preauth_info);
+                       conn->preauth_info = NULL;
                        goto err_out;
                }
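
Review bot: the free-and-clear pair `kfree(conn->preauth_info); conn->preauth_info = NULL;` is open-coded in both failure branches (the one that sets `rc = -EINVAL` and the `init_smb3_11_server()` failure), so a failure exit added later on this path can reintroduce the same leak. Consider moving the pair to a single unwind label placed just ahead of `err_out` and jumping to it from both branches, so the cleanup lives in one place. The allocation of `conn->preauth_info` lies outside the hunk's context, so the commit message should name where it happens and confirm that these are the only two exits between the allocation and the success path. Resetting the pointer to NULL after the free is worth keeping in any restructuring, since it leaves no stale pointer in `conn` that a later cleanup could free a second time.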