diff options
| author | Jethro Donaldson <[email protected]> | 2025-05-14 13:23:23 +0000 |
|---|---|---|
| committer | Steve French <[email protected]> | 2025-05-15 00:26:15 +0000 |
| commit | 1fe4a44b7fa3955bcb7b4067c07b778fe90d8ee7 (patch) | |
| tree | e22246228790c15a0ea24dbdbb7eccfc704318f1 /scripts/gcc-plugins/sancov_plugin.c | |
| parent | Linux 6.15-rc6 (diff) | |
| download | kernel-1fe4a44b7fa3955bcb7b4067c07b778fe90d8ee7.tar.gz kernel-1fe4a44b7fa3955bcb7b4067c07b778fe90d8ee7.zip | |
smb: client: fix memory leak during error handling for POSIX mkdir
The response buffer for the CREATE request handled by smb311_posix_mkdir()
is leaked on the error path (goto err_free_rsp_buf) because the structure
pointer *rsp passed to free_rsp_buf() is not assigned until *after* the
error condition is checked.
As *rsp is initialised to NULL, free_rsp_buf() becomes a no-op and the leak
is instead reported by __kmem_cache_shutdown() upon subsequent rmmod of
cifs.ko if (and only if) the error path has been hit.
Pass rsp_iov.iov_base to free_rsp_buf() instead, similar to the code in
other functions in smb2pdu.c for which *rsp is assigned late.
Cc: [email protected]
Signed-off-by: Jethro Donaldson <[email protected]>
Signed-off-by: Steve French <[email protected]>
Diffstat (limited to 'scripts/gcc-plugins/sancov_plugin.c')
0 files changed, 0 insertions, 0 deletions