git.ipfire.org Git - thirdparty/kernel/stable.git/commit
ksmbd: fix null pointer dereference in alloc_preauth_hash()
author Namjae Jeon <linkinjeon@kernel.org>
Wed, 2 Apr 2025 00:11:23 +0000 (09:11 +0900)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 10 Apr 2025 12:39:39 +0000 (14:39 +0200)
commit ca8bed31edf728a662ef9d6f39f50e7a7dc2b5ad
tree 1c216fb7d0e3759f5533c8f3eb22e23395d1b9a3
parent 56de7778a48560278c334077ace7b9ac4bfb2fd1
ksmbd: fix null pointer dereference in alloc_preauth_hash()

commit c8b5b7c5da7d0c31c9b7190b4a7bba5281fc4780 upstream.

The client sends a malformed smb2 negotiate request. ksmbd returns an error
response. Subsequently, the client can send smb2 session setup even
though conn->preauth_info is not allocated.
This patch adds the KSMBD_SESS_NEED_SETUP status of connection to ignore
session setup requests if the smb2 negotiate phase is not complete.

Cc: stable@vger.kernel.org
Tested-by: Steve French <stfrench@microsoft.com>
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-26505
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/smb/server/connection.h
fs/smb/server/mgmt/user_session.c
fs/smb/server/smb2pdu.c
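
The state gate described in the commit message, as an added userspace model (not ksmbd code and not part of this commit). All model_* and MODEL_* names, the return codes and the 64-byte size are assumptions of the model; it also assumes session setup copies the connection's preauth value into the session.

```c
/* Userspace model of the state gate in the commit message; not ksmbd code.
 * All model_* / MODEL_* names are hypothetical. */
#include <stdlib.h>
#include <string.h>

#define MODEL_HASH_LEN 64   /* constructed size for the model's preauth value */

enum model_status { MODEL_NEED_NEGOTIATE, MODEL_NEED_SETUP };
enum model_rc { RC_OK = 0, RC_BAD_REQUEST = -1, RC_NOMEM = -2,
                RC_IGNORED = -3, RC_NULL_DEREF = -4 };

struct model_conn {
    enum model_status status;
    unsigned char *preauth_info;   /* stays NULL until negotiate succeeds */
};

/* Negotiate: a malformed request is answered with an error and changes nothing. */
int model_negotiate(struct model_conn *c, int well_formed)
{
    if (!well_formed)
        return RC_BAD_REQUEST;
    if (!c->preauth_info && !(c->preauth_info = calloc(1, MODEL_HASH_LEN)))
        return RC_NOMEM;
    c->status = MODEL_NEED_SETUP;  /* only now may session setup proceed */
    return RC_OK;
}

/* Session setup: copies the connection's preauth value into the session.
 * gated=1 models the patched check; gated=0 models the pre-patch path and
 * reports the NULL read instead of performing it. */
int model_session_setup(const struct model_conn *c, unsigned char *sess_hash, int gated)
{
    if (gated && c->status != MODEL_NEED_SETUP)
        return RC_IGNORED;
    if (!c->preauth_info)
        return RC_NULL_DEREF;
    memcpy(sess_hash, c->preauth_info, MODEL_HASH_LEN);
    return RC_OK;
}

/* Replays the sequence from the commit message: bad negotiate, then setup. */
int model_replay(int gated)
{
    struct model_conn c = { MODEL_NEED_NEGOTIATE, NULL };
    unsigned char sess_hash[MODEL_HASH_LEN];
    int rc;

    model_negotiate(&c, 0);
    rc = model_session_setup(&c, sess_hash, gated);
    free(c.preauth_info);
    return rc;
}
```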