diff options
author | Shyam Prasad N <sprasad@microsoft.com> | 2022-01-17 00:20:47 -0600 |
---|---|---|
committer | Steve French <stfrench@microsoft.com> | 2022-01-17 11:56:19 -0600 |
commit | e3548aaf41a200c2af359462be23bcdd76efd795 (patch) | |
tree | 00c2f2395df998204f7754edd109b320ede6f541 /fs | |
parent | 0c947b893d69231a9add855939da7c66237ab44f (diff) | |
download | lwn-e3548aaf41a200c2af359462be23bcdd76efd795.tar.gz lwn-e3548aaf41a200c2af359462be23bcdd76efd795.zip |
cifs: free ntlmsspblob allocated in negotiate
One of my previous fixes:
cifs: send workstation name during ntlmssp session setup
...changed the prototype of build_ntlmssp_negotiate_blob
from being allocated by the caller to being allocated within
the function. The caller needs to free this object too.
While SMB2 version of the caller did it, I forgot to free
for the SMB1 version. Fixing that here.
Fixes: 49bd49f983b5 ("cifs: send workstation name during ntlmssp session setup")
Cc: stable@vger.kernel.org # 5.16
Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/cifs/sess.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index d12490e12be5..ffaa091e41a4 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c @@ -1413,7 +1413,7 @@ sess_auth_rawntlmssp_negotiate(struct sess_data *sess_data) &blob_len, ses, server, sess_data->nls_cp); if (rc) - goto out; + goto out_free_ntlmsspblob; sess_data->iov[1].iov_len = blob_len; sess_data->iov[1].iov_base = ntlmsspblob; @@ -1421,7 +1421,7 @@ sess_auth_rawntlmssp_negotiate(struct sess_data *sess_data) rc = _sess_auth_rawntlmssp_assemble_req(sess_data); if (rc) - goto out; + goto out_free_ntlmsspblob; rc = sess_sendreceive(sess_data); @@ -1435,14 +1435,14 @@ sess_auth_rawntlmssp_negotiate(struct sess_data *sess_data) rc = 0; if (rc) - goto out; + goto out_free_ntlmsspblob; cifs_dbg(FYI, "rawntlmssp session setup challenge phase\n"); if (smb_buf->WordCount != 4) { rc = -EIO; cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount); - goto out; + goto out_free_ntlmsspblob; } ses->Suid = smb_buf->Uid; /* UID left in wire format (le) */ @@ -1456,10 +1456,13 @@ sess_auth_rawntlmssp_negotiate(struct sess_data *sess_data) cifs_dbg(VFS, "bad security blob length %d\n", blob_len); rc = -EINVAL; - goto out; + goto out_free_ntlmsspblob; } rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses); + +out_free_ntlmsspblob: + kfree(ntlmsspblob); out: sess_free_buffer(sess_data); |