Commit 449a7443 authored by David Disseldorp's avatar David Disseldorp Committed by Greg Kroah-Hartman

cifs: fix leak in FSCTL_ENUM_SNAPS response handling

commit 0e5c7955 upstream.

The server may respond with success, and an output buffer less than
sizeof(struct smb_snapshot_array) in length. Do not leak the output
buffer in this case.

Fixes: 834170c8 ("Enable previous version support")
Signed-off-by: default avatarDavid Disseldorp <ddiss@suse.de>
Signed-off-by: default avatarSteve French <smfrench@gmail.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 87c0604d
...@@ -924,6 +924,7 @@ smb3_enum_snapshots(const unsigned int xid, struct cifs_tcon *tcon, ...@@ -924,6 +924,7 @@ smb3_enum_snapshots(const unsigned int xid, struct cifs_tcon *tcon,
} }
if (snapshot_in.snapshot_array_size < sizeof(struct smb_snapshot_array)) { if (snapshot_in.snapshot_array_size < sizeof(struct smb_snapshot_array)) {
rc = -ERANGE; rc = -ERANGE;
kfree(retbuf);
return rc; return rc;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment