mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-27 21:03:32 +00:00
SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails
commitda522b5fe1
upstream. Fixes:030d794bf4
("SUNRPC: Use gssproxy upcall for server RPCGSS authentication.") Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Cc: <stable@vger.kernel.org> Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
parent
e0d1cf8ef8
commit
67eb848161
1 changed files with 7 additions and 2 deletions
|
@ -1162,18 +1162,23 @@ static int gss_read_proxy_verf(struct svc_rqst *rqstp,
|
|||
return res;
|
||||
|
||||
inlen = svc_getnl(argv);
|
||||
if (inlen > (argv->iov_len + rqstp->rq_arg.page_len))
|
||||
if (inlen > (argv->iov_len + rqstp->rq_arg.page_len)) {
|
||||
kfree(in_handle->data);
|
||||
return SVC_DENIED;
|
||||
}
|
||||
|
||||
pages = DIV_ROUND_UP(inlen, PAGE_SIZE);
|
||||
in_token->pages = kcalloc(pages, sizeof(struct page *), GFP_KERNEL);
|
||||
if (!in_token->pages)
|
||||
if (!in_token->pages) {
|
||||
kfree(in_handle->data);
|
||||
return SVC_DENIED;
|
||||
}
|
||||
in_token->page_base = 0;
|
||||
in_token->page_len = inlen;
|
||||
for (i = 0; i < pages; i++) {
|
||||
in_token->pages[i] = alloc_page(GFP_KERNEL);
|
||||
if (!in_token->pages[i]) {
|
||||
kfree(in_handle->data);
|
||||
gss_free_in_token_pages(in_token);
|
||||
return SVC_DENIED;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue