Commit a424f8bf authored by Steve French's avatar Steve French

[CIFS] fix memory leak in cifs session info struct on reconnect

Signed-off-by: default avatarSteve French <sfrench@us.ibm.com>
parent c01f36a8
...@@ -2148,6 +2148,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses, ...@@ -2148,6 +2148,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
/* We look for obvious messed up bcc or strings in response so we do not go off /* We look for obvious messed up bcc or strings in response so we do not go off
the end since (at least) WIN2K and Windows XP have a major bug in not null the end since (at least) WIN2K and Windows XP have a major bug in not null
terminating last Unicode string in response */ terminating last Unicode string in response */
if(ses->serverOS)
kfree(ses->serverOS);
ses->serverOS = kzalloc(2 * (len + 1), GFP_KERNEL); ses->serverOS = kzalloc(2 * (len + 1), GFP_KERNEL);
if(ses->serverOS == NULL) if(ses->serverOS == NULL)
goto sesssetup_nomem; goto sesssetup_nomem;
...@@ -2160,6 +2162,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses, ...@@ -2160,6 +2162,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
if (remaining_words > 0) { if (remaining_words > 0) {
len = UniStrnlen((wchar_t *)bcc_ptr, len = UniStrnlen((wchar_t *)bcc_ptr,
remaining_words-1); remaining_words-1);
if(ses->serverNOS)
kfree(ses->serverNOS);
ses->serverNOS = kzalloc(2 * (len + 1),GFP_KERNEL); ses->serverNOS = kzalloc(2 * (len + 1),GFP_KERNEL);
if(ses->serverNOS == NULL) if(ses->serverNOS == NULL)
goto sesssetup_nomem; goto sesssetup_nomem;
...@@ -2177,6 +2181,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses, ...@@ -2177,6 +2181,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
if (remaining_words > 0) { if (remaining_words > 0) {
len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words); len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
/* last string is not always null terminated (for e.g. for Windows XP & 2000) */ /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
if(ses->serverDomain)
kfree(ses->serverDomain);
ses->serverDomain = ses->serverDomain =
kzalloc(2*(len+1),GFP_KERNEL); kzalloc(2*(len+1),GFP_KERNEL);
if(ses->serverDomain == NULL) if(ses->serverDomain == NULL)
...@@ -2187,15 +2193,22 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses, ...@@ -2187,15 +2193,22 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
ses->serverDomain[2*len] = 0; ses->serverDomain[2*len] = 0;
ses->serverDomain[1+(2*len)] = 0; ses->serverDomain[1+(2*len)] = 0;
} /* else no more room so create dummy domain string */ } /* else no more room so create dummy domain string */
else else {
if(ses->serverDomain)
kfree(ses->serverDomain);
ses->serverDomain = ses->serverDomain =
kzalloc(2, GFP_KERNEL); kzalloc(2, GFP_KERNEL);
}
} else { /* no room so create dummy domain and NOS string */ } else { /* no room so create dummy domain and NOS string */
/* if these kcallocs fail not much we /* if these kcallocs fail not much we
can do, but better to not fail the can do, but better to not fail the
sesssetup itself */ sesssetup itself */
if(ses->serverDomain)
kfree(ses->serverDomain);
ses->serverDomain = ses->serverDomain =
kzalloc(2, GFP_KERNEL); kzalloc(2, GFP_KERNEL);
if(ses->serverNOS)
kfree(ses->serverNOS);
ses->serverNOS = ses->serverNOS =
kzalloc(2, GFP_KERNEL); kzalloc(2, GFP_KERNEL);
} }
...@@ -2204,6 +2217,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses, ...@@ -2204,6 +2217,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
if (((long) bcc_ptr + len) - (long) if (((long) bcc_ptr + len) - (long)
pByteArea(smb_buffer_response) pByteArea(smb_buffer_response)
<= BCC(smb_buffer_response)) { <= BCC(smb_buffer_response)) {
if(ses->serverOS)
kfree(ses->serverOS);
ses->serverOS = kzalloc(len + 1,GFP_KERNEL); ses->serverOS = kzalloc(len + 1,GFP_KERNEL);
if(ses->serverOS == NULL) if(ses->serverOS == NULL)
goto sesssetup_nomem; goto sesssetup_nomem;
...@@ -2214,6 +2229,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses, ...@@ -2214,6 +2229,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
bcc_ptr++; bcc_ptr++;
len = strnlen(bcc_ptr, 1024); len = strnlen(bcc_ptr, 1024);
if(ses->serverNOS)
kfree(ses->serverNOS);
ses->serverNOS = kzalloc(len + 1,GFP_KERNEL); ses->serverNOS = kzalloc(len + 1,GFP_KERNEL);
if(ses->serverNOS == NULL) if(ses->serverNOS == NULL)
goto sesssetup_nomem; goto sesssetup_nomem;
...@@ -2223,6 +2240,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses, ...@@ -2223,6 +2240,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
bcc_ptr++; bcc_ptr++;
len = strnlen(bcc_ptr, 1024); len = strnlen(bcc_ptr, 1024);
if(ses->serverDomain)
kfree(ses->serverDomain);
ses->serverDomain = kzalloc(len + 1,GFP_KERNEL); ses->serverDomain = kzalloc(len + 1,GFP_KERNEL);
if(ses->serverDomain == NULL) if(ses->serverDomain == NULL)
goto sesssetup_nomem; goto sesssetup_nomem;
...@@ -2427,6 +2446,8 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses, ...@@ -2427,6 +2446,8 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
/* We look for obvious messed up bcc or strings in response so we do not go off /* We look for obvious messed up bcc or strings in response so we do not go off
the end since (at least) WIN2K and Windows XP have a major bug in not null the end since (at least) WIN2K and Windows XP have a major bug in not null
terminating last Unicode string in response */ terminating last Unicode string in response */
if(ses->serverOS)
kfree(ses->serverOS);
ses->serverOS = ses->serverOS =
kzalloc(2 * (len + 1), GFP_KERNEL); kzalloc(2 * (len + 1), GFP_KERNEL);
cifs_strfromUCS_le(ses->serverOS, cifs_strfromUCS_le(ses->serverOS,
...@@ -2441,6 +2462,8 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses, ...@@ -2441,6 +2462,8 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
len = UniStrnlen((wchar_t *)bcc_ptr, len = UniStrnlen((wchar_t *)bcc_ptr,
remaining_words remaining_words
- 1); - 1);
if(ses->serverNOS)
kfree(ses->serverNOS);
ses->serverNOS = ses->serverNOS =
kzalloc(2 * (len + 1), kzalloc(2 * (len + 1),
GFP_KERNEL); GFP_KERNEL);
...@@ -2454,7 +2477,9 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses, ...@@ -2454,7 +2477,9 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
remaining_words -= len + 1; remaining_words -= len + 1;
if (remaining_words > 0) { if (remaining_words > 0) {
len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words); len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
/* last string is not always null terminated (for e.g. for Windows XP & 2000) */ /* last string not null terminated (e.g.Windows XP/2000) */
if(ses->serverDomain)
kfree(ses->serverDomain);
ses->serverDomain = kzalloc(2*(len+1),GFP_KERNEL); ses->serverDomain = kzalloc(2*(len+1),GFP_KERNEL);
cifs_strfromUCS_le(ses->serverDomain, cifs_strfromUCS_le(ses->serverDomain,
(__le16 *)bcc_ptr, (__le16 *)bcc_ptr,
...@@ -2463,11 +2488,18 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses, ...@@ -2463,11 +2488,18 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
ses->serverDomain[2*len] = 0; ses->serverDomain[2*len] = 0;
ses->serverDomain[1+(2*len)] = 0; ses->serverDomain[1+(2*len)] = 0;
} /* else no more room so create dummy domain string */ } /* else no more room so create dummy domain string */
else else {
if(ses->serverDomain)
` kfree(ses->serverDomain);
ses->serverDomain = ses->serverDomain =
kzalloc(2,GFP_KERNEL); kzalloc(2,GFP_KERNEL);
} else { /* no room so create dummy domain and NOS string */ }
} else {/* no room use dummy domain&NOS */
if(ses->serverDomain)
kfree(ses->serverDomain);
ses->serverDomain = kzalloc(2, GFP_KERNEL); ses->serverDomain = kzalloc(2, GFP_KERNEL);
if(ses->serverNOS)
kfree(ses->serverNOS);
ses->serverNOS = kzalloc(2, GFP_KERNEL); ses->serverNOS = kzalloc(2, GFP_KERNEL);
} }
} else { /* ASCII */ } else { /* ASCII */
...@@ -2476,6 +2508,8 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses, ...@@ -2476,6 +2508,8 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
if (((long) bcc_ptr + len) - (long) if (((long) bcc_ptr + len) - (long)
pByteArea(smb_buffer_response) pByteArea(smb_buffer_response)
<= BCC(smb_buffer_response)) { <= BCC(smb_buffer_response)) {
if(ses->serverOS)
kfree(ses->serverOS);
ses->serverOS = kzalloc(len + 1, GFP_KERNEL); ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
strncpy(ses->serverOS, bcc_ptr, len); strncpy(ses->serverOS, bcc_ptr, len);
...@@ -2484,6 +2518,8 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses, ...@@ -2484,6 +2518,8 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
bcc_ptr++; bcc_ptr++;
len = strnlen(bcc_ptr, 1024); len = strnlen(bcc_ptr, 1024);
if(ses->serverNOS)
kfree(ses->serverNOS);
ses->serverNOS = kzalloc(len + 1,GFP_KERNEL); ses->serverNOS = kzalloc(len + 1,GFP_KERNEL);
strncpy(ses->serverNOS, bcc_ptr, len); strncpy(ses->serverNOS, bcc_ptr, len);
bcc_ptr += len; bcc_ptr += len;
...@@ -2491,6 +2527,8 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses, ...@@ -2491,6 +2527,8 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
bcc_ptr++; bcc_ptr++;
len = strnlen(bcc_ptr, 1024); len = strnlen(bcc_ptr, 1024);
if(ses->serverDomain)
kfree(ses->severDomain);
ses->serverDomain = kzalloc(len + 1, GFP_KERNEL); ses->serverDomain = kzalloc(len + 1, GFP_KERNEL);
strncpy(ses->serverDomain, bcc_ptr, len); strncpy(ses->serverDomain, bcc_ptr, len);
bcc_ptr += len; bcc_ptr += len;
...@@ -2728,6 +2766,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid, ...@@ -2728,6 +2766,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
/* We look for obvious messed up bcc or strings in response so we do not go off /* We look for obvious messed up bcc or strings in response so we do not go off
the end since (at least) WIN2K and Windows XP have a major bug in not null the end since (at least) WIN2K and Windows XP have a major bug in not null
terminating last Unicode string in response */ terminating last Unicode string in response */
if(ses->serverOS)
kfree(ses->serverOS);
ses->serverOS = ses->serverOS =
kzalloc(2 * (len + 1), GFP_KERNEL); kzalloc(2 * (len + 1), GFP_KERNEL);
cifs_strfromUCS_le(ses->serverOS, cifs_strfromUCS_le(ses->serverOS,
...@@ -2743,6 +2783,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid, ...@@ -2743,6 +2783,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
bcc_ptr, bcc_ptr,
remaining_words remaining_words
- 1); - 1);
if(ses->serverNOS)
kfree(ses->serverNOS);
ses->serverNOS = ses->serverNOS =
kzalloc(2 * (len + 1), kzalloc(2 * (len + 1),
GFP_KERNEL); GFP_KERNEL);
...@@ -2760,6 +2802,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid, ...@@ -2760,6 +2802,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
if (remaining_words > 0) { if (remaining_words > 0) {
len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words); len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
/* last string is not always null terminated (for e.g. for Windows XP & 2000) */ /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
if(ses->serverDomain)
kfree(ses->serverDomain);
ses->serverDomain = ses->serverDomain =
kzalloc(2 * kzalloc(2 *
(len + (len +
...@@ -2777,13 +2821,20 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid, ...@@ -2777,13 +2821,20 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
[1 + (2 * len)] [1 + (2 * len)]
= 0; = 0;
} /* else no more room so create dummy domain string */ } /* else no more room so create dummy domain string */
else else {
if(ses->serverDomain)
kfree(ses->serverDomain);
ses->serverDomain = ses->serverDomain =
kzalloc(2, kzalloc(2,
GFP_KERNEL); GFP_KERNEL);
}
} else { /* no room so create dummy domain and NOS string */ } else { /* no room so create dummy domain and NOS string */
if(ses->serverDomain);
kfree(ses->serverDomain);
ses->serverDomain = ses->serverDomain =
kzalloc(2, GFP_KERNEL); kzalloc(2, GFP_KERNEL);
if(ses->serverNOS)
kfree(ses->serverNOS);
ses->serverNOS = ses->serverNOS =
kzalloc(2, GFP_KERNEL); kzalloc(2, GFP_KERNEL);
} }
...@@ -2792,6 +2843,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid, ...@@ -2792,6 +2843,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
if (((long) bcc_ptr + len) - (long) if (((long) bcc_ptr + len) - (long)
pByteArea(smb_buffer_response) pByteArea(smb_buffer_response)
<= BCC(smb_buffer_response)) { <= BCC(smb_buffer_response)) {
if(ses->serverOS)
kfree(ses->serverOS);
ses->serverOS = ses->serverOS =
kzalloc(len + 1, kzalloc(len + 1,
GFP_KERNEL); GFP_KERNEL);
...@@ -2803,6 +2856,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid, ...@@ -2803,6 +2856,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
bcc_ptr++; bcc_ptr++;
len = strnlen(bcc_ptr, 1024); len = strnlen(bcc_ptr, 1024);
if(ses->serverNOS)
kfree(ses->serverNOS);
ses->serverNOS = ses->serverNOS =
kzalloc(len + 1, kzalloc(len + 1,
GFP_KERNEL); GFP_KERNEL);
...@@ -2812,6 +2867,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid, ...@@ -2812,6 +2867,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
bcc_ptr++; bcc_ptr++;
len = strnlen(bcc_ptr, 1024); len = strnlen(bcc_ptr, 1024);
if(ses->serverDomain)
kfree(ses->serverDomain);
ses->serverDomain = ses->serverDomain =
kzalloc(len + 1, kzalloc(len + 1,
GFP_KERNEL); GFP_KERNEL);
...@@ -3116,6 +3173,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses, ...@@ -3116,6 +3173,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
/* We look for obvious messed up bcc or strings in response so we do not go off /* We look for obvious messed up bcc or strings in response so we do not go off
the end since (at least) WIN2K and Windows XP have a major bug in not null the end since (at least) WIN2K and Windows XP have a major bug in not null
terminating last Unicode string in response */ terminating last Unicode string in response */
if(ses->serverOS)
kfree(serverOS);
ses->serverOS = ses->serverOS =
kzalloc(2 * (len + 1), GFP_KERNEL); kzalloc(2 * (len + 1), GFP_KERNEL);
cifs_strfromUCS_le(ses->serverOS, cifs_strfromUCS_le(ses->serverOS,
...@@ -3131,6 +3190,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses, ...@@ -3131,6 +3190,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
bcc_ptr, bcc_ptr,
remaining_words remaining_words
- 1); - 1);
if(ses->serverNOS)
kfree(ses->serverNOS);
ses->serverNOS = ses->serverNOS =
kzalloc(2 * (len + 1), kzalloc(2 * (len + 1),
GFP_KERNEL); GFP_KERNEL);
...@@ -3147,6 +3208,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses, ...@@ -3147,6 +3208,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
if (remaining_words > 0) { if (remaining_words > 0) {
len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words); len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
/* last string not always null terminated (e.g. for Windows XP & 2000) */ /* last string not always null terminated (e.g. for Windows XP & 2000) */
if(ses->serverDomain)
kfree(ses->serverDomain);
ses->serverDomain = ses->serverDomain =
kzalloc(2 * kzalloc(2 *
(len + (len +
...@@ -3172,10 +3235,17 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses, ...@@ -3172,10 +3235,17 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
len)] len)]
= 0; = 0;
} /* else no more room so create dummy domain string */ } /* else no more room so create dummy domain string */
else else {
if(ses->serverDomain)
kfree(ses->serverDomain);
ses->serverDomain = kzalloc(2,GFP_KERNEL); ses->serverDomain = kzalloc(2,GFP_KERNEL);
}
} else { /* no room so create dummy domain and NOS string */ } else { /* no room so create dummy domain and NOS string */
if(ses->serverDomain)
kfree(ses->serverDomain);
ses->serverDomain = kzalloc(2, GFP_KERNEL); ses->serverDomain = kzalloc(2, GFP_KERNEL);
if(ses->serverNOS)
kfree(ses->serverNOS);
ses->serverNOS = kzalloc(2, GFP_KERNEL); ses->serverNOS = kzalloc(2, GFP_KERNEL);
} }
} else { /* ASCII */ } else { /* ASCII */
...@@ -3183,6 +3253,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses, ...@@ -3183,6 +3253,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
if (((long) bcc_ptr + len) - if (((long) bcc_ptr + len) -
(long) pByteArea(smb_buffer_response) (long) pByteArea(smb_buffer_response)
<= BCC(smb_buffer_response)) { <= BCC(smb_buffer_response)) {
if(ses->serverOS)
kfree(ses->serverOS);
ses->serverOS = kzalloc(len + 1,GFP_KERNEL); ses->serverOS = kzalloc(len + 1,GFP_KERNEL);
strncpy(ses->serverOS,bcc_ptr, len); strncpy(ses->serverOS,bcc_ptr, len);
...@@ -3191,6 +3263,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses, ...@@ -3191,6 +3263,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
bcc_ptr++; bcc_ptr++;
len = strnlen(bcc_ptr, 1024); len = strnlen(bcc_ptr, 1024);
if(ses->serverNOS)
kfree(ses->serverNOS);
ses->serverNOS = kzalloc(len+1,GFP_KERNEL); ses->serverNOS = kzalloc(len+1,GFP_KERNEL);
strncpy(ses->serverNOS, bcc_ptr, len); strncpy(ses->serverNOS, bcc_ptr, len);
bcc_ptr += len; bcc_ptr += len;
...@@ -3198,6 +3272,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses, ...@@ -3198,6 +3272,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
bcc_ptr++; bcc_ptr++;
len = strnlen(bcc_ptr, 1024); len = strnlen(bcc_ptr, 1024);
if(ses->serverDomain)
kfree(ses->serverDomain);
ses->serverDomain = kzalloc(len+1,GFP_KERNEL); ses->serverDomain = kzalloc(len+1,GFP_KERNEL);
strncpy(ses->serverDomain, bcc_ptr, len); strncpy(ses->serverDomain, bcc_ptr, len);
bcc_ptr += len; bcc_ptr += len;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment