From: Namjae Jeon namjae.jeon@samsung.com
mainline inclusion from mainline-5.15-rc1 commit dac0ec6e1b4a876abb61b6cd2ec589f8e87e95c9 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA
Reference: https://git.kernel.org/torvalds/linux/c/dac0ec6e1b4a
-------------------------------
Add missing kfree(conv_name) on error path.
Reported-by: Coverity Scan scan-admin@coverity.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com Signed-off-by: Zhong Jinghua zhongjinghua@huawei.com --- fs/ksmbd/smb2pdu.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 381ee5a812fc..7f665a82d5b4 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -3266,7 +3266,7 @@ static int smb2_populate_readdir_entry(struct ksmbd_conn *conn, int info_level, char *conv_name; int conv_len; void *kstat; - int struct_sz; + int struct_sz, rc = 0;
conv_name = ksmbd_convert_dir_info_name(d_info, conn->local_nls, @@ -3276,8 +3276,8 @@ static int smb2_populate_readdir_entry(struct ksmbd_conn *conn, int info_level,
/* Somehow the name has only terminating NULL bytes */ if (conv_len < 0) { - kfree(conv_name); - return -EINVAL; + rc = -EINVAL; + goto free_conv_name; }
struct_sz = readdir_info_level_struct_sz(info_level); @@ -3286,7 +3286,8 @@ static int smb2_populate_readdir_entry(struct ksmbd_conn *conn, int info_level,
if (next_entry_offset > d_info->out_buf_len) { d_info->out_buf_len = 0; - return -ENOSPC; + rc = -ENOSPC; + goto free_conv_name; }
kstat = d_info->wptr; @@ -3428,14 +3429,15 @@ static int smb2_populate_readdir_entry(struct ksmbd_conn *conn, int info_level, d_info->data_count += next_entry_offset; d_info->out_buf_len -= next_entry_offset; d_info->wptr += next_entry_offset; - kfree(conv_name);
ksmbd_debug(SMB, "info_level : %d, buf_len :%d, next_offset : %d, data_count : %d\n", info_level, d_info->out_buf_len, next_entry_offset, d_info->data_count);
- return 0; +free_conv_name: + kfree(conv_name); + return rc; }
struct smb2_query_dir_private {