git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Sean Heelan <seanheelan@gmail.com>
	Sat, 19 Apr 2025 18:59:28 +0000 (19:59 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 9 May 2025 07:43:53 +0000 (09:43 +0200)
commit	b447463562238428503cfba1c913261047772f90
tree	1103b5b5cff437ccbac70d18d5d839aa18373ba8	tree
parent	a45445b6093d4ffd83bb42da677c29959576fa59	commit \| diff

ksmbd: fix use-after-free in kerberos authentication

commit e86e9134e1d1c90a960dd57f59ce574d27b9a124 upstream.

Setting sess->user = NULL was introduced to fix the dangling pointer
created by ksmbd_free_user. However, it is possible another thread could
be operating on the session and make use of sess->user after it has been
passed to ksmbd_free_user but before sess->user is set to NULL.

Cc: stable@vger.kernel.org
Signed-off-by: Sean Heelan <seanheelan@gmail.com>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

fs/smb/server/auth.c		diff \| blob \| blame \| history
fs/smb/server/smb2pdu.c		diff \| blob \| blame \| history