smb: client: compress: fix a potential issue of freeing an invalid pointer

[PATCH] smb: client: compress: fix a potential issue of freeing an invalid pointer

Posted by Qianqiang Liu 2 months, 2 weeks ago

The dst pointer may not be initialized when calling kvfree(dst)

Fixes: 13b68d44990d9 ("smb: client: compress: LZ77 code improvements cleanup")
Signed-off-by: Qianqiang Liu <qianqiang.liu@163.com>
---
 fs/smb/client/compress.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/smb/client/compress.c b/fs/smb/client/compress.c
index 65d3d219e8bc..daf84e39861c 100644
--- a/fs/smb/client/compress.c
+++ b/fs/smb/client/compress.c
@@ -318,7 +318,7 @@ int smb_compress(struct TCP_Server_Info *server, struct smb_rqst *rq, compress_s
 {
 	struct iov_iter iter;
 	u32 slen, dlen;
-	void *src, *dst;
+	void *src, *dst = NULL;
 	int ret;
 
 	if (!server || !rq || !rq->rq_iov || !rq->rq_iov->iov_base)
-- 
2.34.1

Re: [PATCH] smb: client: compress: fix a potential issue of freeing an invalid pointer

Posted by Steve French 2 months, 2 weeks ago

Good catch.

Added to cifs-2.6.git for-next

On Thu, Sep 12, 2024 at 7:02 PM Qianqiang Liu <qianqiang.liu@163.com> wrote:
>
> The dst pointer may not be initialized when calling kvfree(dst)
>
> Fixes: 13b68d44990d9 ("smb: client: compress: LZ77 code improvements cleanup")
> Signed-off-by: Qianqiang Liu <qianqiang.liu@163.com>
> ---
>  fs/smb/client/compress.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/smb/client/compress.c b/fs/smb/client/compress.c
> index 65d3d219e8bc..daf84e39861c 100644
> --- a/fs/smb/client/compress.c
> +++ b/fs/smb/client/compress.c
> @@ -318,7 +318,7 @@ int smb_compress(struct TCP_Server_Info *server, struct smb_rqst *rq, compress_s
>  {
>         struct iov_iter iter;
>         u32 slen, dlen;
> -       void *src, *dst;
> +       void *src, *dst = NULL;
>         int ret;
>
>         if (!server || !rq || !rq->rq_iov || !rq->rq_iov->iov_base)
> --
> 2.34.1
>
>


-- 
Thanks,

Steve