cifs: fix leak in FSCTL_ENUM_SNAPS response handling

The server may respond with success, and an output buffer less than
sizeof(struct smb_snapshot_array) in length. Do not leak the output
buffer in this case.

Fixes: 834170c859 ("Enable previous version support")
Signed-off-by: David Disseldorp <ddiss@suse.de>
CC: Stable <stable@vger.kernel.org>
Signed-off-by: Steve French <smfrench@gmail.com>
This commit is contained in:
David Disseldorp 2017-05-03 17:39:09 +02:00 коммит произвёл Steve French
Родитель 26c9cb668c
Коммит 0e5c795592
1 изменённых файлов: 1 добавлений и 0 удалений

Просмотреть файл

@ -942,6 +942,7 @@ smb3_enum_snapshots(const unsigned int xid, struct cifs_tcon *tcon,
}
if (snapshot_in.snapshot_array_size < sizeof(struct smb_snapshot_array)) {
rc = -ERANGE;
kfree(retbuf);
return rc;
}