SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails

commit da522b5fe1a5f8b7c20a0023e87b52a150e53bf5 upstream.

Fixes: 030d794bf4 ("SUNRPC: Use gssproxy upcall for server RPCGSS authentication.")
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Cc: <stable@vger.kernel.org>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Chuck Lever 2022-11-26 15:55:18 -05:00 committed by Greg Kroah-Hartman
parent e027f3b9fa
commit aa91afe597

View File

@ -1104,18 +1104,23 @@ static int gss_read_proxy_verf(struct svc_rqst *rqstp,
return res;
inlen = svc_getnl(argv);
if (inlen > (argv->iov_len + rqstp->rq_arg.page_len))
if (inlen > (argv->iov_len + rqstp->rq_arg.page_len)) {
kfree(in_handle->data);
return SVC_DENIED;
}
pages = DIV_ROUND_UP(inlen, PAGE_SIZE);
in_token->pages = kcalloc(pages, sizeof(struct page *), GFP_KERNEL);
if (!in_token->pages)
if (!in_token->pages) {
kfree(in_handle->data);
return SVC_DENIED;
}
in_token->page_base = 0;
in_token->page_len = inlen;
for (i = 0; i < pages; i++) {
in_token->pages[i] = alloc_page(GFP_KERNEL);
if (!in_token->pages[i]) {
kfree(in_handle->data);
gss_free_in_token_pages(in_token);
return SVC_DENIED;
}