tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

cifs: fix potential memory leaks in session setup

Make sure to free cifs_ses::auth_key.response before allocating it as
we might end up leaking memory in reconnect or mounting.

Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Steve French <stfrench@microsoft.com>

authored by Paulo Alcantara and committed by Steve French 2fe58d97 22aeb01d

+4
unified split
+1
fs/cifs/cifsencrypt.c
··· 278 278 * ( for NTLMSSP_AV_NB_DOMAIN_NAME followed by NTLMSSP_AV_EOL ) + 279 279 * unicode length of a netbios domain name 280 280 */ 281 + kfree_sensitive(ses->auth_key.response); 281 282 ses->auth_key.len = size + 2 * dlen; 282 283 ses->auth_key.response = kzalloc(ses->auth_key.len, GFP_KERNEL); 283 284 if (!ses->auth_key.response) {
+2
fs/cifs/sess.c
··· 815 815 return -EINVAL; 816 816 } 817 817 if (tilen) { 818 + kfree_sensitive(ses->auth_key.response); 818 819 ses->auth_key.response = kmemdup(bcc_ptr + tioffset, tilen, 819 820 GFP_KERNEL); 820 821 if (!ses->auth_key.response) { ··· 1429 1428 goto out_put_spnego_key; 1430 1429 } 1431 1430 1431 + kfree_sensitive(ses->auth_key.response); 1432 1432 ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len, 1433 1433 GFP_KERNEL); 1434 1434 if (!ses->auth_key.response) {
+1
fs/cifs/smb2pdu.c
··· 1453 1453 1454 1454 /* keep session key if binding */ 1455 1455 if (!is_binding) { 1456 + kfree_sensitive(ses->auth_key.response); 1456 1457 ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len, 1457 1458 GFP_KERNEL); 1458 1459 if (!ses->auth_key.response) {