projects / thirdparty / kernel / stable-queue.git / blame
| Commit | Line | Data |
|---|---|---|
| 98979065 GKH |
1 | From 22863485a4626ec6ecf297f4cc0aef709bc862e4 Mon Sep 17 00:00:00 2001 |
| 2 | From: Paulo Alcantara <pc@manguebit.com> | |
| 3 | Date: Tue, 2 Apr 2024 16:33:59 -0300 | |
| 4 | Subject: smb: client: fix potential UAF in smb2_is_valid_oplock_break() | |
| 5 | ||
| 6 | From: Paulo Alcantara <pc@manguebit.com> | |
| 7 | ||
| 8 | commit 22863485a4626ec6ecf297f4cc0aef709bc862e4 upstream. | |
| 9 | ||
| 10 | Skip sessions that are being teared down (status == SES_EXITING) to | |
| 11 | avoid UAF. | |
| 12 | ||
| 13 | Cc: stable@vger.kernel.org | |
| 14 | Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com> | |
| 15 | Signed-off-by: Steve French <stfrench@microsoft.com> | |
| 16 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
| 17 | --- | |
| 18 | fs/smb/client/smb2misc.c | 2 ++ | |
| 19 | 1 file changed, 2 insertions(+) | |
| 20 | ||
| 21 | --- a/fs/smb/client/smb2misc.c | |
| 22 | +++ b/fs/smb/client/smb2misc.c | |
| 23 | @@ -697,6 +697,8 @@ smb2_is_valid_oplock_break(char *buffer, | |
| 24 | /* look up tcon based on tid & uid */ | |
| 25 | spin_lock(&cifs_tcp_ses_lock); | |
| 26 | list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) { | |
| 27 | + if (cifs_ses_exiting(ses)) | |
| 28 | + continue; | |
| 29 | list_for_each_entry(tcon, &ses->tcon_list, tcon_list) { | |
| 30 | ||
| 31 | spin_lock(&tcon->open_file_lock); |