Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
cifs: fix potential memory leaks in session setup
Make sure to free cifs_ses::auth_key.response before allocating it as
we might end up leaking memory in reconnect or mounting.
Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Steve French <stfrench@microsoft.com>
authored by Paulo Alcantara and committed by Steve French 2fe58d97 22aeb01d
+1
fs/cifs/cifsencrypt.c
+1
fs/cifs/cifsencrypt.c
···
278
* ( for NTLMSSP_AV_NB_DOMAIN_NAME followed by NTLMSSP_AV_EOL ) +
279
* unicode length of a netbios domain name
280
*/
281
+
kfree_sensitive(ses->auth_key.response);
282
ses->auth_key.len = size + 2 * dlen;
283
ses->auth_key.response = kzalloc(ses->auth_key.len, GFP_KERNEL);
284
if (!ses->auth_key.response) {
+2
fs/cifs/sess.c
+2
fs/cifs/sess.c
···
815
return -EINVAL;
816
}
817
if (tilen) {
818
ses->auth_key.response = kmemdup(bcc_ptr + tioffset, tilen,
819
GFP_KERNEL);
820
if (!ses->auth_key.response) {
···
1429
goto out_put_spnego_key;
1430
}
1431
1432
ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len,
1433
GFP_KERNEL);
1434
if (!ses->auth_key.response) {
···
815
return -EINVAL;
816
}
817
if (tilen) {
818
+
kfree_sensitive(ses->auth_key.response);
819
ses->auth_key.response = kmemdup(bcc_ptr + tioffset, tilen,
820
GFP_KERNEL);
821
if (!ses->auth_key.response) {
···
1428
goto out_put_spnego_key;
1429
}
1430
1431
+
kfree_sensitive(ses->auth_key.response);
1432
ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len,
1433
GFP_KERNEL);
1434
if (!ses->auth_key.response) {
+1
fs/cifs/smb2pdu.c
+1
fs/cifs/smb2pdu.c