From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Namjae Jeon, Hyunchul Lee, Steve French, zdi-disclosures@trendmicro.com
Subject: [PATCH 5.18 0099/1095] ksmbd: fix memory leak in smb2_handle_negotiate
Date: Mon, 15 Aug 2022 19:51:38 +0200
Message-Id: <20220815180433.649914395@linuxfoundation.org>
In-Reply-To: <20220815180429.240518113@linuxfoundation.org>
References: <20220815180429.240518113@linuxfoundation.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Namjae Jeon

commit aa7253c2393f6dcd6a1468b0792f6da76edad917 upstream.

The allocated memory didn't free under an error path in smb2_handle_negotiate().

Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-17815
Signed-off-by: Namjae Jeon
Reviewed-by: Hyunchul Lee
Signed-off-by: Steve French
Signed-off-by: Greg Kroah-Hartman
---
 fs/ksmbd/smb2pdu.c | 4 ++++
 1 file changed, 4 insertions(+)

--- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -1139,12 +1139,16 @@ int smb2_handle_negotiate(struct ksmbd_w status); rsp->hdr.Status = status; rc = -EINVAL; + kfree(conn->preauth_info); + conn->preauth_info = NULL; goto err_out; } rc = init_smb3_11_server(conn); if (rc < 0) { rsp->hdr.Status = STATUS_INVALID_PARAMETER; + kfree(conn->preauth_info); + conn->preauth_info = NULL; goto err_out; }
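
Review bot: The two-line cleanup `kfree(conn->preauth_info); conn->preauth_info = NULL;` is now duplicated in both error branches of this hunk (the `rc = -EINVAL` branch and the `init_smb3_11_server()` failure branch), so any error path added later between the allocation and the success return can reintroduce the same leak. Consider one cleanup label ahead of `err_out` that both branches jump to, or, if every path that reaches `err_out` should drop the buffer, doing the free there, since `kfree(NULL)` is a no-op. Resetting the pointer to NULL after the free is worth keeping in either form, because the pointer lives on `conn` rather than on the request and a stale value would leave room for a later double free or use after free. The commit message would also be easier to audit if it named the allocation that leaks; the hunk does not show where `conn->preauth_info` is allocated.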