On Tue, 14 Sep 2010 22:38:14 -0500
Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx> wrote:

> >> + if (ses->tilen > 0) {
> >> + memcpy(bcc_ptr, ses->tiblob,
> >> + ses->tilen);
> >> + bcc_ptr += ses->tilen;
> >> + kfree(ses->tiblob);
> >> + ses->tilen = 0;
> >> + }
> >> if (ses->capabilities & CAP_UNICODE) {
> >> if (iov[0].iov_len % 2) {
> >> *bcc_ptr = 0;
> >> @@ -815,12 +862,33 @@ ssetup_ntlmssp_authenticate:
> >> if (phase == NtLmNegotiate) {
> >> setup_ntlmssp_neg_req(pSMB, ses);
> >> iov[1].iov_len = sizeof(NEGOTIATE_MESSAGE);
> >> + iov[1].iov_base = &pSMB->req.SecurityBlob[0];
> >> } else if (phase == NtLmAuthenticate) {
> >> int blob_len;
> >> - blob_len = setup_ntlmssp_auth_req(pSMB, ses,
> >> + char *ntlmsspblob;
> >> +
> >> + /* 5 is an empirical value, large enought to
> >> + * hold authenticate message, max 10 of
> >> + * av paris, doamin,user,workstation mames,
> >> + * flags etc..
> >> + */
> >> + ntlmsspblob = kmalloc(5 *
> >> + sizeof(struct _AUTHENTICATE_MESSAGE),
> >> + GFP_KERNEL);
> >
> > ^^^^ when does this get freed?
>
> Sorry, gave a wrong answer.
>
> iov[1].iov_base = ntlmsspblob; So it gets freed after SendReceive2() call after
> that assignment.

That doesn't get automatically freed. That does mean however that you
can't kfree it at the end of that block. One way to fix it would be to
move the ntlmsspblob declaration to the top of the function and kfree
it at function exit.

--
Jeff Layton <jlayton@xxxxxxxxxx>
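Review bot: In the first hunk, `kfree(ses->tiblob)` is followed by `ses->tilen = 0` but the pointer itself is left dangling; set `ses->tiblob = NULL` right after the kfree so that any later cleanup path that frees tiblob cannot double free it. The `memcpy(bcc_ptr, ses->tiblob, ses->tilen)` also has no length check in the visible lines, so it is worth confirming that the buffer behind bcc_ptr was sized with tilen in mind.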
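Review bot: In the NtLmAuthenticate branch of the second hunk, sizing the buffer as `5 * sizeof(struct _AUTHENTICATE_MESSAGE)` is, by the comment's own word, empirical, yet what it has to hold includes variable-length items (av pairs, domain, user and workstation names), so unusually long values could write past the allocation. Compute the size from the actual lengths, or pass the buffer size to whatever fills it and fail when the blob would not fit. The visible lines end at the kmalloc() call, so if a NULL check does not already follow, add one that bails out with -ENOMEM, and fix the typos in the comment (enought, paris, doamin, mames) while there.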