Re: [PATCH -v3 3/4 cifs] NTLMv2/NTLMSSP define crypto hash functions and create and send keys needed for key exchange

On Tue, 14 Sep 2010 22:38:14 -0500
Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx> wrote:

> >> +             if (ses->tilen > 0) {
> >> +                     memcpy(bcc_ptr, ses->tiblob,
> >> +                             ses->tilen);
> >> +                     bcc_ptr += ses->tilen;
> >> +                     kfree(ses->tiblob);
> >> +                     ses->tilen = 0;
> >> +             }
> >>               if (ses->capabilities & CAP_UNICODE) {
> >>                       if (iov[0].iov_len % 2) {
> >>                               *bcc_ptr = 0;
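
Review bot: In the `ses->tilen > 0` block, `kfree(ses->tiblob)` leaves `ses->tiblob` pointing at freed memory, since only `ses->tilen` is reset. Set `ses->tiblob = NULL` right after the kfree so that any later kfree of it on the session is a no-op and a stale use is caught early. The `memcpy(bcc_ptr, ses->tiblob, ses->tilen)` above it also has no check in these lines that the space left at `bcc_ptr` can hold `ses->tilen` bytes; add a bound check before the copy, or a comment stating where the destination was sized for it.
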
> >> @@ -815,12 +862,33 @@ ssetup_ntlmssp_authenticate:
> >>                       if (phase == NtLmNegotiate) {
> >>                               setup_ntlmssp_neg_req(pSMB, ses);
> >>                               iov[1].iov_len = sizeof(NEGOTIATE_MESSAGE);
> >> +                             iov[1].iov_base = &pSMB->req.SecurityBlob[0];
> >>                       } else if (phase == NtLmAuthenticate) {
> >>                               int blob_len;
> >> -                             blob_len = setup_ntlmssp_auth_req(pSMB, ses,
> >> +                             char *ntlmsspblob;
> >> +
> >> +                             /* 5 is an empirical value, large enought to
> >> +                              * hold authenticate message, max 10 of
> >> +                              * av paris, doamin,user,workstation mames,
> >> +                              * flags etc..
> >> +                              */
> >> +                             ntlmsspblob = kmalloc(5 *
> >> +                                     sizeof(struct _AUTHENTICATE_MESSAGE),
> >> +                                     GFP_KERNEL);
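
Review bot: The allocation size `5 * sizeof(struct _AUTHENTICATE_MESSAGE)` is, by the comment's own wording, empirical, while the blob it has to hold carries variable-length domain, user and workstation names plus the av pairs. Compute the length from the actual field lengths, or bound each field and check it against the allocation before copying, so a long name cannot write past the buffer. `ntlmsspblob` is also declared inside the `NtLmAuthenticate` block, so it needs an owner that frees it on every exit path. The comment has typos ("enought", "paris", "doamin", "mames") worth fixing in the next revision.
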
> >
> >                                ^^^^ when does this get freed?
> 
> Sorry, gave a wrong answer.
> 
> iov[1].iov_base = ntlmsspblob;  So it gets freed after SendReceive2() call after
> that assignment.

That doesn't get automatically freed. That does mean however that you
can't kfree it at the end of that block. One way to fix it would be to
move the ntlmsspblob declaration to the top of the function and kfree
it at function exit.

-- 
Jeff Layton <jlayton@xxxxxxxxxx>