cifs: fix leak in FSCTL_ENUM_SNAPS response handling

commit 0e5c795592 upstream. The server may respond with success, and an output buffer less than sizeof(struct smb_snapshot_array) in length. Do not leak the output buffer in this case. Fixes: 834170c859 ("Enable previous version support") Signed-off-by: David Disseldorp <ddiss@suse.de> Signed-off-by: Steve French <smfrench@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-03 17:39:09 +02:00 · 2017-05-03 17:39:09 +02:00 · 449a74439d
parent 87c0604d86
commit 449a74439d
1 changed files with 1 additions and 0 deletions
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@ -924,6 +924,7 @@ smb3_enum_snapshots(const unsigned int xid, struct cifs_tcon *tcon,
 		}
 		if (snapshot_in.snapshot_array_size < sizeof(struct smb_snapshot_array)) {
 			rc = -ERANGE;
+			kfree(retbuf);
 			return rc;
 		}