git.ipfire.org Git - thirdparty/kernel/linux.git/commit
smb: client: fix query directory replay double-free
author Henrique Carvalho <henrique.carvalho@suse.com>
Thu, 18 Jun 2026 20:34:38 +0000 (17:34 -0300)
committer Steve French <stfrench@microsoft.com>
Thu, 18 Jun 2026 23:12:23 +0000 (18:12 -0500)
commit 9647492b5e41954be59d5157eddbcd4cdc1656f7
tree c5739b6d08c92b6707b9913f24956152947b30f1
parent 145f820dcbb2cced374f2532f8a61a44dce4a615
smb: client: fix query directory replay double-free

A response-bearing attempt can return a replayable error and free its
response buffer. If SMB2_query_directory_init() fails before the next send,
cleanup retains the previous buffer type and frees that response again.

Reset response bookkeeping before each attempt to prevent the stale free.

Fixes: 4f1fffa23769 ("cifs: commands that are retried should have replay flag set")
Cc: stable@vger.kernel.org
Signed-off-by: Henrique Carvalho <henrique.carvalho@suse.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
fs/smb/client/smb2pdu.c
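
A simplified user-space model of the failure the commit message describes, added here as an example; it is not the kernel code from this commit. All names are hypothetical, "response bookkeeping" is assumed to mean the buffer type and response pointer, and releases are counted rather than performed so the stale cleanup can be observed safely.

```c
#include <stdio.h>

/* Simplified user-space model; every name below is a hypothetical stand-in. */
enum { NO_BUFFER = 0, SMALL_BUFFER = 1 };   /* response buffer type */
enum { E_REPLAY = -2, E_INIT = -1 };        /* constructed error codes */

struct rsp { int frees; };  /* counts releases instead of calling free() */

static void free_rsp(int type, struct rsp *r)
{
    if (type != NO_BUFFER && r)
        r->frees++;         /* in real code a second pass here is a double-free */
}

/*
 * Attempt 1: a response arrives, but the call returns a replayable error.
 * Attempt 2: request init fails before anything is sent.
 * reset_each_attempt = 0 models the stale bookkeeping, 1 models the reset.
 * Returns how many times the attempt-1 response was released.
 */
static int run_query(int reset_each_attempt)
{
    struct rsp buf = { 0 }, *rsp = NULL;
    int type = NO_BUFFER, attempt = 0, rc;

replay_again:
    attempt++;
    if (reset_each_attempt) {   /* forget the previous attempt's response */
        type = NO_BUFFER;
        rsp = NULL;
    }
    if (attempt == 2) {         /* init failure: jump to cleanup, no send */
        rc = E_INIT;
        goto out;
    }
    type = SMALL_BUFFER;        /* send: response buffer handed back ... */
    rsp = &buf;
    rc = E_REPLAY;              /* ... together with a replayable error */
out:
    free_rsp(type, rsp);        /* shared cleanup path */
    if (rc == E_REPLAY)
        goto replay_again;
    return buf.frees;
}

int main(void)
{
    printf("stale bookkeeping: %d release(s)\n", run_query(0));
    printf("reset per attempt: %d release(s)\n", run_query(1));
    return 0;
}
```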