Commit 0e5c7955 authored by David Disseldorp's avatar David Disseldorp Committed by Steve French

cifs: fix leak in FSCTL_ENUM_SNAPS response handling

The server may respond with success, and an output buffer less than
sizeof(struct smb_snapshot_array) in length. Do not leak the output
buffer in this case.

Fixes: 834170c8 ("Enable previous version support")
Signed-off-by: default avatarDavid Disseldorp <ddiss@suse.de>
CC: Stable <stable@vger.kernel.org>
Signed-off-by: default avatarSteve French <smfrench@gmail.com>
parent 26c9cb66
...@@ -942,6 +942,7 @@ smb3_enum_snapshots(const unsigned int xid, struct cifs_tcon *tcon, ...@@ -942,6 +942,7 @@ smb3_enum_snapshots(const unsigned int xid, struct cifs_tcon *tcon,
} }
if (snapshot_in.snapshot_array_size < sizeof(struct smb_snapshot_array)) { if (snapshot_in.snapshot_array_size < sizeof(struct smb_snapshot_array)) {
rc = -ERANGE; rc = -ERANGE;
kfree(retbuf);
return rc; return rc;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment