cifs: fix memory leak in SMB2_open()
authorRonnie Sahlberg <lsahlber@redhat.com>
Tue, 13 Feb 2018 04:42:30 +0000 (15:42 +1100)
committerKhalid Elmously <khalid.elmously@canonical.com>
Wed, 6 Jun 2018 15:48:22 +0000 (11:48 -0400)
BugLink: http://bugs.launchpad.net/bugs/1773233
commit b7a73c84eb96dabd6bb8e9d7c56f796d83efee8e upstream.

Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <smfrench@gmail.com>
CC: Stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Acked-by: Khalid Elmously <khalid.elmously@canonical.com>
Acked-by: Brad Figg <brad.figg@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
fs/cifs/smb2pdu.c

index e80fab8c80893cda1ec0dfa12bba3d1e40750b3d..18bf0b9f19ed98a5bb7c3238757692244d7206f7 100644 (file)
@@ -1758,8 +1758,10 @@ SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path,
                rc = alloc_path_with_tree_prefix(&copy_path, &copy_size,
                                                 &name_len,
                                                 tcon->treeName, path);
-               if (rc)
+               if (rc) {
+                       cifs_small_buf_release(req);
                        return rc;
+               }
                req->NameLength = cpu_to_le16(name_len * 2);
                uni_path_len = copy_size;
                path = copy_path;
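Review bot: The release of `req` is now repeated by hand in both early returns, the `if (rc)` branch in this hunk and the `if (!copy_path)` branch in the second hunk, and that per-return bookkeeping is what let these two paths leak before. A single exit label would keep future error paths from repeating the omission: each branch becomes `rc = -ENOMEM; goto err_free_req;` (or just the `goto` where `rc` is already set), with `err_free_req: cifs_small_buf_release(req); return rc;` near the end of the function, assuming no existing label already does this. SMB2_open starts and ends outside both hunks, so it is not visible here whether the later error returns also release `req` and free `copy_path`. That is worth checking in the same pass, because buffers leaked on a failure path that can be hit repeatedly add up to kernel memory exhaustion.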
@@ -1770,8 +1772,10 @@ SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path,
                if (uni_path_len % 8 != 0) {
                        copy_size = roundup(uni_path_len, 8);
                        copy_path = kzalloc(copy_size, GFP_KERNEL);
-                       if (!copy_path)
+                       if (!copy_path) {
+                               cifs_small_buf_release(req);
                                return -ENOMEM;
+                       }
                        memcpy((char *)copy_path, (const char *)path,
                               uni_path_len);
                        uni_path_len = copy_size;