cifs: fix leak in FSCTL_ENUM_SNAPS response handling commit 0e5c795592930d51fd30d53a2e7b73cba022a29b upstream. The server may respond with success, and an output buffer less than sizeof(struct smb_snapshot_array) in length. Do not leak the output buffer in this case. Fixes: 834170c85978 ("Enable previous version support") Signed-off-by: David Disseldorp <ddiss@suse.de> Signed-off-by: Steve French <smfrench@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit: 449a74439d1525b43357be9da42b84fcdbd6b5a9 [log] [tgz]
author: David Disseldorp <ddiss@suse.de> Wed May 03 17:39:09 2017 +0200
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Sat May 20 14:28:40 2017 +0200
tree: f61d516aef76cfeb9e8a186101bc6c7b197f6f41
parent: 87c0604d860ffcef347510a798dbb5fe681a4b65 [diff]
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
index 007abf7..36334fe 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c

@@ -924,6 +924,7 @@
 		}
 		if (snapshot_in.snapshot_array_size < sizeof(struct smb_snapshot_array)) {
 			rc = -ERANGE;
+			kfree(retbuf);
 			return rc;
 		}
commit	449a74439d1525b43357be9da42b84fcdbd6b5a9	[log] [tgz]
author	David Disseldorp <ddiss@suse.de>	Wed May 03 17:39:09 2017 +0200
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	Sat May 20 14:28:40 2017 +0200
tree	f61d516aef76cfeb9e8a186101bc6c7b197f6f41
parent	87c0604d860ffcef347510a798dbb5fe681a4b65 [diff]