cifs: fix leak in FSCTL_ENUM_SNAPS response handling
The server may respond with success, and an output buffer less than
sizeof(struct smb_snapshot_array) in length. Do not leak the output
buffer in this case.

Fixes: 834170c ("Enable previous version support")
Signed-off-by: David Disseldorp <[email protected]>
CC: Stable <[email protected]>
Signed-off-by: Steve French <[email protected]>
ddiss authored and smfrench committed May 3, 2017
1 parent 26c9cb6 commit 0e5c795
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions fs/cifs/smb2ops.c
Expand Up @@ -942,6 +942,7 @@ smb3_enum_snapshots(const unsigned int xid, struct cifs_tcon *tcon,
}
if (snapshot_in.snapshot_array_size < sizeof(struct smb_snapshot_array)) {
rc = -ERANGE;
kfree(retbuf);
return rc;
}
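
Review bot: the -ERANGE branch has to free retbuf by hand before its own return, which is the pattern that let this leak in; routing the branch to a single exit label (rc = -ERANGE; goto out; with one kfree(retbuf) at out:) would keep a later early return in smb3_enum_snapshots from reintroducing it. If the branch keeps its own return, rc is only assigned to be returned on the next line, so return -ERANGE after the kfree would be enough.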
