This is a note to let you know that I've just added the patch titled
cifs: fix leak in FSCTL_ENUM_SNAPS response handling
to the 4.11-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
cifs-fix-leak-in-fsctl_enum_snaps-response-handling.patch
and it can be found in the queue-4.11 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 0e5c795592930d51fd30d53a2e7b73cba022a29b Mon Sep 17 00:00:00 2001
From: David Disseldorp <ddiss@xxxxxxx>
Date: Wed, 3 May 2017 17:39:09 +0200
Subject: cifs: fix leak in FSCTL_ENUM_SNAPS response handling
From: David Disseldorp <ddiss@xxxxxxx>
commit 0e5c795592930d51fd30d53a2e7b73cba022a29b upstream.
The server may respond with success, and an output buffer less than
sizeof(struct smb_snapshot_array) in length. Do not leak the output
buffer in this case.
Fixes: 834170c85978 ("Enable previous version support")
Signed-off-by: David Disseldorp <ddiss@xxxxxxx>
Signed-off-by: Steve French <smfrench@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
fs/cifs/smb2ops.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -942,6 +942,7 @@ smb3_enum_snapshots(const unsigned int x
}
if (snapshot_in.snapshot_array_size < sizeof(struct smb_snapshot_array)) {
rc = -ERANGE;
+ kfree(retbuf);
return rc;
}
Patches currently in stable-queue which might be from ddiss@xxxxxxx are
queue-4.11/cifs-fix-cifs_ioc_get_mnt_info-oops.patch
queue-4.11/target-fileio-fix-zero-length-read-and-write-handling.patch
queue-4.11/cifs-fix-cifs_enumerate_snapshots-oops.patch
queue-4.11/cifs-fix-leak-in-fsctl_enum_snaps-response-handling.patch