cifs: fix memory leak in SMB2_open()

commit b7a73c84eb96dabd6bb8e9d7c56f796d83efee8e upstream.

Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <smfrench@gmail.com>
CC: Stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 66af1f8a13cc71cdfda751eed338c59fa233a910..49779d952cd55cde658fe5cbb49c2fb38ae0bb7b 100644 (file)
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -1773,8 +1773,10 @@ SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path,
                rc = alloc_path_with_tree_prefix(&copy_path, &copy_size,
                                                 &name_len,
                                                 tcon->treeName, path);
-               if (rc)
+               if (rc) {
+                       cifs_small_buf_release(req);
                        return rc;
+               }
                req->NameLength = cpu_to_le16(name_len * 2);
                uni_path_len = copy_size;
                path = copy_path;
@@ -1785,8 +1787,10 @@ SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path,
                if (uni_path_len % 8 != 0) {
                        copy_size = roundup(uni_path_len, 8);
                        copy_path = kzalloc(copy_size, GFP_KERNEL);
-                       if (!copy_path)
+                       if (!copy_path) {
+                               cifs_small_buf_release(req);
                                return -ENOMEM;
+                       }
                        memcpy((char *)copy_path, (const char *)path,
                               uni_path_len);
                        uni_path_len = copy_size;