If client send multiple session setup requests to ksmbd,
Preauh_HashValue race condition could happen.
There is no need to free sess->Preauh_HashValue at session setup phase.
It can be freed together with session at connection termination phase.
Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-27661
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
                                ksmbd_conn_set_good(conn);
                                sess->state = SMB2_SESSION_VALID;
                        }
-                       kfree(sess->Preauth_HashValue);
-                       sess->Preauth_HashValue = NULL;
                } else if (conn->preferred_auth_mech == KSMBD_AUTH_NTLMSSP) {
                        if (negblob->MessageType == NtLmNegotiate) {
                                rc = ntlm_negotiate(work, negblob, negblob_len, rsp);
                                                kfree(preauth_sess);
                                        }
                                }
-                               kfree(sess->Preauth_HashValue);
-                               sess->Preauth_HashValue = NULL;
                        } else {
                                pr_info_ratelimited("Unknown NTLMSSP message type : 0x%x\n",
                                                le32_to_cpu(negblob->MessageType));