From: Dan Carpenter dan.carpenter@oracle.com
mainline inclusion from mainline-5.15-rc1 commit 8b99f3504b688e3b55380521b6bf68c3d0c485d6 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA
Reference: https://git.kernel.org/torvalds/linux/c/8b99f3504b68
-------------------------------
If smb2_get_name() then name is an error pointer. In the clean up code, we try to kfree() it and that will lead to an Oops. Set it to NULL instead.
Signed-off-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com Signed-off-by: Zhong Jinghua zhongjinghua@huawei.com --- fs/ksmbd/smb2pdu.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index d2fc945c38ec..8155a282c151 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -2451,6 +2451,7 @@ int smb2_open(struct ksmbd_work *work) rc = PTR_ERR(name); if (rc != -ENOMEM) rc = -ENOENT; + name = NULL; goto err_out1; }