www.infradead.org Git - users/jedix/linux-maple.git/commit
ksmbd: fix use-after-free from session log off
author Namjae Jeon <linkinjeon@kernel.org>
Tue, 8 Oct 2024 13:42:57 +0000 (22:42 +0900)
committer Steve French <stfrench@microsoft.com>
Thu, 10 Oct 2024 02:23:17 +0000 (21:23 -0500)
commit 7aa8804c0b67b3cb263a472d17f2cb50d7f1a930
tree ca9bcec68d50fe0c0bb15b00308935f09737cd10
parent 8cf0b93919e13d1e8d4466eb4080a4c4d9d66d7b
ksmbd: fix use-after-free from session log off

There is a racy issue between smb2 session log off and smb2 session setup.
It will cause a use-after-free from session log off.
This adds session_lock when setting SMB2_SESSION_EXPIRED and a reference
count to the session struct so as not to free the session while it is being used.

Cc: stable@vger.kernel.org # v5.15+
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-25282
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
fs/smb/server/mgmt/user_session.c
fs/smb/server/mgmt/user_session.h
fs/smb/server/server.c
fs/smb/server/smb2pdu.c
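
The pattern the commit message describes, as an added userspace C model (written for this page; it is not the ksmbd patch or any kernel code): the expired state is set under a lock, and a reference count keeps the session allocated until its last user drops it. All type and function names below are hypothetical, and the interleaving in `demo()` is constructed.

```c
/* Userspace model only; every name here is hypothetical, not ksmbd's. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stdlib.h>
enum sess_state { SESS_VALID, SESS_EXPIRED };
struct session {
    atomic_flag lock;      /* stands in for the lock guarding state */
    atomic_int refcnt;     /* number of current holders */
    enum sess_state state; /* only read or written under lock */
    int *freed;            /* constructed hook: set to 1 when freed */
};
static void sess_lock(struct session *s) { while (atomic_flag_test_and_set(&s->lock)) ; }
static void sess_unlock(struct session *s) { atomic_flag_clear(&s->lock); }
struct session *sess_new(int *freed)
{
    struct session *s = calloc(1, sizeof(*s));
    if (!s) return NULL;
    atomic_flag_clear(&s->lock);
    atomic_init(&s->refcnt, 1);   /* creator holds the first reference */
    s->state = SESS_VALID; s->freed = freed;
    return s;
}
/* Drop a reference; only the last holder frees the session. */
void sess_put(struct session *s)
{
    if (atomic_fetch_sub(&s->refcnt, 1) == 1) { *s->freed = 1; free(s); }
}
/* Request path: pin the session, or refuse if it is already expired. */
bool sess_get(struct session *s)
{
    sess_lock(s);
    bool ok = (s->state == SESS_VALID);
    if (ok) atomic_fetch_add(&s->refcnt, 1);
    sess_unlock(s);
    return ok;
}
/* Logoff path: expire under the lock, then drop the creator's reference. */
void sess_logoff(struct session *s)
{
    sess_lock(s); s->state = SESS_EXPIRED; sess_unlock(s);
    sess_put(s);
}
/* Constructed interleaving: logoff lands while a setup request holds s. */
int demo(void)
{
    int freed = 0;
    struct session *s = sess_new(&freed);
    if (!s || !sess_get(s)) return -1;   /* setup pins the session */
    sess_logoff(s);                      /* logoff arrives mid-request */
    bool ok = !freed && !sess_get(s);    /* still allocated; new users refused */
    sess_put(s);                         /* setup finishes: last put frees */
    return (ok && freed) ? 0 : 1;
}
int main(void) { return demo(); }
```

Without the reference taken in `sess_get()`, the `sess_put()` inside `sess_logoff()` would free the structure while the setup path still held a pointer to it.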