From 2c834067bf731e663c6269489bf5dc0a9b4c6299 Mon Sep 17 00:00:00 2001
From: Spencer Berger <bergerspencer@gmail.com>
Date: Tue, 21 Jul 2020 19:36:05 -0700
Subject: [PATCH] 12977 smb3 server encryption leak in smb2_send_reply Reviewed
 by: Gordon Ross <gordon.w.ross@gmail.com> Reviewed by: Dan McDonald
 <danmcd@joyent.com> Approved by: Robert Mustacchi <rm@fingolfin.org>

---
 usr/src/uts/common/fs/smbsrv/smb2_dispatch.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/usr/src/uts/common/fs/smbsrv/smb2_dispatch.c b/usr/src/uts/common/fs/smbsrv/smb2_dispatch.c
index afe8d04013b1..9aafb6e4d7d4 100644
--- a/usr/src/uts/common/fs/smbsrv/smb2_dispatch.c
+++ b/usr/src/uts/common/fs/smbsrv/smb2_dispatch.c
@@ -1492,8 +1492,7 @@ smb2_send_reply(smb_request_t *sr)
 
 	if ((session->capabilities & SMB2_CAP_ENCRYPTION) == 0 ||
 	    sr->tform_ssn == NULL) {
-		if (smb_session_send(sr->session, 0, &sr->reply) == 0)
-			sr->reply.chain = 0;
+		(void) smb_session_send(sr->session, 0, &sr->reply);
 		return;
 	}
 
@@ -1518,8 +1517,8 @@ smb2_send_reply(smb_request_t *sr)
 		goto errout;
 	}
 
-	if (smb_session_send(sr->session, 0, &enc_reply) == 0)
-		enc_reply.chain = 0;
+	(void) smb_session_send(sr->session, 0, &enc_reply);
+	kmem_free(tmpbuf, buflen);
 	return;
 
 errout: