git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Namjae Jeon <linkinjeon@kernel.org>
	Thu, 27 Mar 2025 12:22:51 +0000 (21:22 +0900)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 10 Apr 2025 12:39:38 +0000 (14:39 +0200)
commit	9069939d762138e232a6f79e3e1462682ed6a17d
tree	f0b4e56c2e2aa6c27a56383d957184f5d94de2f8	tree
parent	ca042cc0e4f9e0d2c8f86dd67e4b22f30a516a9b	commit \| diff

ksmbd: fix session use-after-free in multichannel connection

commit fa4cdb8cbca7d6cb6aa13e4d8d83d1103f6345db upstream.

There is a race condition between session setup and
ksmbd_sessions_deregister. The session can be freed before the connection
is added to channel list of session.
This patch check reference count of session before freeing it.

Cc: stable@vger.kernel.org
Reported-by: Sean Heelan <seanheelan@gmail.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

fs/smb/server/auth.c		diff \| blob \| blame \| history
fs/smb/server/mgmt/user_session.c		diff \| blob \| blame \| history
fs/smb/server/smb2pdu.c		diff \| blob \| blame \| history