From: Ralph Boehme <slow@samba.org>
Date: Fri, 23 May 2025 06:47:06 +0000 (+0200)
Subject: CVE-2025-0620: smbd: smbd doesn't pick up group membership changes when re-authentica... 
X-Git-Tag: tevent-0.17.0~70
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6f0ae60428a024b4aba92a8103a698c1eca2357c;p=thirdparty%2Fsamba.git

CVE-2025-0620: smbd: smbd doesn't pick up group membership changes when re-authenticating an expired SMB session

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15707

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Jule Anger <janger@samba.org>
Autobuild-Date(master): Mon Jun  2 15:10:30 UTC 2025 on atb-devel-224
---

diff --git a/source3/smbd/conn.c b/source3/smbd/conn.c
index 4e7e1ce0127..0e4d7823787 100644
--- a/source3/smbd/conn.c
+++ b/source3/smbd/conn.c
@@ -173,8 +173,8 @@ static void conn_clear_vuid_cache(connection_struct *conn, uint64_t vuid)
 
 	for (i=0; i<VUID_CACHE_SIZE; i++) {
 		ent = &conn->vuid_cache->array[i];
-		if (ent->vuid != vuid) {
-			continue;
+		if (ent->vuid == vuid) {
+			break;
 		}
 	}
 	if (i == VUID_CACHE_SIZE) {