ksmbd: fix a missing return value check bug
In the smb2_send_interim_resp(), if ksmbd_alloc_work_struct()
fails to allocate a node, it returns a NULL pointer to the
in_work pointer. This can lead to an illegal memory write of
in_work->response_buf when allocate_interim_rsp_buf() attempts
to perform a kzalloc() on it.

To address this issue, incorporating a check for the return
value of ksmbd_alloc_work_struct() ensures that the function
returns immediately upon allocation failure, thereby preventing
the aforementioned illegal memory access.

Fixes: 041bba4414cd ("ksmbd: fix wrong interim response on compound")
Signed-off-by: Wentao Liang <[email protected]>
Signed-off-by: Namjae Jeon <[email protected]>
rwnbiad105 authored and namjaejeon committed Dec 30, 2024
1 parent 10410d4 commit bb2e2a0
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions smb2pdu.c
Expand Up @@ -701,6 +701,9 @@ void smb2_send_interim_resp(struct ksmbd_work *work, __le32 status)
struct smb2_hdr *rsp_hdr;
struct ksmbd_work *in_work = ksmbd_alloc_work_struct();

if (!in_work)
return;

if (allocate_interim_rsp_buf(in_work)) {
pr_err("smb_allocate_rsp_buf failed!\n");
ksmbd_free_work_struct(in_work);
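Review bot: The new `if (!in_work) return;` at the top of smb2_send_interim_resp() fails silently. The function is void, so the caller cannot tell that no interim response was sent, and unlike the allocate_interim_rsp_buf() failure branch right below it, which calls pr_err(), this path logs nothing. Consider adding a matching pr_err() (or a rate-limited equivalent) before the return so that allocation failure under memory pressure is visible in the kernel log, and state in the commit message that dropping the interim response is acceptable for the client in this case. The early return itself is correct as far as cleanup goes: nothing has been allocated yet at that point, so there is nothing to free.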