tentatively merged into cifs-2.6.git and added cc:stable

On Fri, Apr 9, 2021 at 9:04 AM Aurélien Aptel <aaptel@xxxxxxxx> wrote:
>
> Hi,
>
> Ronnie, I think there are some memory issues (use-after-free) in the
> smb2_ioctl_query_info() code path.
>
> I have a fix to get rid of the KASAN splat. I've reordered the kfree()
> calls but also replaced the SMB2_xxxx_free() calls with simply freeing the SMB
> small buf.
>
> It could be leaking the other rqst[i]->rq_iov[] though; I'm not sure if
> there is extra stuff we need to free that is not in the vars buf. Can
> you take a look?
>
> See attached patch.
>
>
> Cheers,
> --
> Aurélien Aptel / SUSE Labs Samba Team
> GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3
> SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE
> GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)

--
Thanks,

Steve