If we enter smb2_query_symlink() for something that is not a symlink and where the SMB2_open() would succeed we would never end up closing this handle and would thus leak a handle on the server.
Fix this by immediately calling SMB2_close() on successfull open.
Signed-off-by: Ronnie Sahlberg lsahlber@redhat.com CC: Stable stable@vger.kernel.org --- fs/cifs/smb2ops.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index 83a100dd2497..ab4737e3c31f 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -2397,6 +2397,8 @@ smb2_query_symlink(const unsigned int xid, struct cifs_tcon *tcon,
rc = SMB2_open(xid, &oparms, utf16_path, &oplock, NULL, &err_iov, &resp_buftype); + if (!rc) + SMB2_close(xid, tcon, fid.persistent_fid, fid.volatile_fid); if (!rc || !err_iov.iov_base) { rc = -ENOENT; goto free_path;
вт, 9 апр. 2019 г. в 14:47, Ronnie Sahlberg lsahlber@redhat.com:
If we enter smb2_query_symlink() for something that is not a symlink and where the SMB2_open() would succeed we would never end up closing this handle and would thus leak a handle on the server.
Fix this by immediately calling SMB2_close() on successfull open.
Signed-off-by: Ronnie Sahlberg lsahlber@redhat.com CC: Stable stable@vger.kernel.org
fs/cifs/smb2ops.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index 83a100dd2497..ab4737e3c31f 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -2397,6 +2397,8 @@ smb2_query_symlink(const unsigned int xid, struct cifs_tcon *tcon,
rc = SMB2_open(xid, &oparms, utf16_path, &oplock, NULL, &err_iov, &resp_buftype);
if (!rc)SMB2_close(xid, tcon, fid.persistent_fid, fid.volatile_fid); if (!rc || !err_iov.iov_base) { rc = -ENOENT; goto free_path;-- 2.13.6
Looks good.
Reviewed-by: Pavel Shilovsky pshilov@microsoft.com
-- Best regards, Pavel Shilovsky
linux-stable-mirror@lists.linaro.org
-
Pavel Shilovsky -
Ronnie Sahlberg