git.ipfire.org Git - thirdparty/kernel/stable.git/commit
ksmbd: fix null pointer dereference in destroy_previous_session
author Namjae Jeon <linkinjeon@kernel.org>
Fri, 13 Jun 2025 01:12:43 +0000 (10:12 +0900)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 27 Jun 2025 10:07:37 +0000 (11:07 +0100)
commit 281afc52e2961cd5dd8326ebc9c5bc40904c0468
tree bf6736706c7367c76af38cb50a227920ff51b601
parent cdc1749775cd4da34a538e0482398af7b742e00f

commit 7ac5b66acafcc9292fb935d7e03790f2b8b2dc0e upstream.

If the client sets ->PreviousSessionId at the Kerberos session setup stage,
a NULL pointer dereference error will happen. Since sess->user is not
set yet, it can pass the user argument as NULL to destroy_previous_session.
sess->user will be set in ksmbd_krb5_authenticate(). So this patch moves
the call to destroy_previous_session() after ksmbd_krb5_authenticate().

Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-27391
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/smb/server/smb2pdu.c
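
The ordering problem described in the commit message, as an added user-space model (not ksmbd code and not part of this commit). Every model_* name, the struct layouts and the return codes are hypothetical; the ownership comparison inside model_destroy_previous() is an assumption about why the user argument is read.

```c
/* User-space model of the call ordering; all names are hypothetical. */
#include <stddef.h>
#include <string.h>

struct model_user { const char *name; };
struct model_session {
    struct model_user *user;   /* stays NULL until authentication succeeds */
    int alive;
};

enum { AUTH_FAILED = -2, WOULD_DEREF_NULL = -1, PREV_KEPT = 0, PREV_DESTROYED = 1 };

/* Stand-in for ksmbd_krb5_authenticate(): the step that sets sess->user. */
static int model_authenticate(struct model_session *sess, struct model_user *cred)
{
    if (cred == NULL)
        return -1;
    sess->user = cred;
    return 0;
}

/* Stand-in for destroy_previous_session(). Assumption: it reads the caller's
 * user to check who owns the previous session. The NULL test only reports
 * the case that faulted; it is not how the commit fixes the bug. */
static int model_destroy_previous(struct model_user *user, struct model_session *prev)
{
    if (user == NULL)
        return WOULD_DEREF_NULL;
    if (prev->alive && prev->user && strcmp(user->name, prev->user->name) == 0) {
        prev->alive = 0;
        return PREV_DESTROYED;
    }
    return PREV_KEPT;
}

/* fixed_order == 0: ordering before the patch; 1: ordering after it. */
int model_session_setup(int fixed_order, unsigned long long prev_id,
                        struct model_session *sess, struct model_session *prev,
                        struct model_user *cred)
{
    int rc = PREV_KEPT;
    if (!fixed_order && prev_id)   /* sess->user has not been set yet */
        rc = model_destroy_previous(sess->user, prev);
    if (model_authenticate(sess, cred) != 0)
        return AUTH_FAILED;
    if (fixed_order && prev_id)    /* sess->user is now valid */
        rc = model_destroy_previous(sess->user, prev);
    return rc;
}
```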