]> git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
projects / thirdparty / kernel / stable.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ef435de)
ksmbd: fix potential double free on smb2_read_pipe() error path
authorNamjae Jeon <linkinjeon@kernel.org>
Mon, 18 Dec 2023 15:34:38 +0000 (00:34 +0900)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 23 Dec 2023 09:41:59 +0000 (10:41 +0100)
[ Upstream commit 1903e6d0578118e9aab1ee23f4a9de55737d1d05 ]

Fix new smatch warnings:
fs/smb/server/smb2pdu.c:6131 smb2_read_pipe() error: double free of 'rpc_resp'

Fixes: e2b76ab8b5c9 ("ksmbd: add support for read compound")
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/ksmbd/smb2pdu.c patch | blob | blame | history

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
index 22bcadce3fed3058a2f1136df7df7740269a77ee..4894bab5ed6394637d38d67e6f7a29b5a373bf00 100644 (file)
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -6154,12 +6154,12 @@ static noinline int smb2_read_pipe(struct ksmbd_work *work)
                memcpy(aux_payload_buf, rpc_resp->payload, rpc_resp->payload_sz);
 
                nbytes = rpc_resp->payload_sz;
-               kvfree(rpc_resp);
                err = ksmbd_iov_pin_rsp_read(work, (void *)rsp,
                                             offsetof(struct smb2_read_rsp, Buffer),
                                             aux_payload_buf, nbytes);
                if (err)
                        goto out;
+               kvfree(rpc_resp);
        } else {
                err = ksmbd_iov_pin_rsp(work, (void *)rsp,
                                        offsetof(struct smb2_read_rsp, Buffer));
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git