git.ipfire.org Git - thirdparty/kernel/stable.git/commit
ksmbd: fix use-after-free in kerberos authentication
author Sean Heelan <seanheelan@gmail.com>
Sat, 19 Apr 2025 18:59:28 +0000 (19:59 +0100)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 9 May 2025 07:41:36 +0000 (09:41 +0200)
commit e34a33d5d7e87399af0a138bb32f6a3e95dd83d2
tree eaecba0ac1943765b73790c5400e565712969265
parent cf443f314509cff8539c6d73b81e2d55bc061992
ksmbd: fix use-after-free in kerberos authentication

commit e86e9134e1d1c90a960dd57f59ce574d27b9a124 upstream.

Setting sess->user = NULL was introduced to fix the dangling pointer
created by ksmbd_free_user. However, it is possible another thread could
be operating on the session and make use of sess->user after it has been
passed to ksmbd_free_user but before sess->user is set to NULL.

Cc: stable@vger.kernel.org
Signed-off-by: Sean Heelan <seanheelan@gmail.com>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/smb/server/auth.c
fs/smb/server/smb2pdu.c
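
The window described in the commit message, modelled as an added example (user-space C, not ksmbd code and not the change this commit makes). `struct session`, `struct user` and all function names are hypothetical, a `freed` flag stands in for the real free, and the second thread is run deterministically at the point between the free and the NULL store; the second teardown function is an assumed alternative ordering shown for comparison.

```c
#include <pthread.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical user-space stand-ins; these are not ksmbd's structures. */
struct user { int freed; };   /* flag stands in for the free, so the model never touches freed memory */
struct session { struct user *user; pthread_mutex_t lock; };

static void free_user(struct user *u) { u->freed = 1; }

/* What a second thread finds when it uses sess->user:
 * 0 = no user, 1 = live user, -1 = pointer to an already freed user. */
static int second_thread_use(struct session *s)
{
    pthread_mutex_lock(&s->lock);
    struct user *u = s->user;
    int seen = !u ? 0 : (u->freed ? -1 : 1);
    pthread_mutex_unlock(&s->lock);
    return seen;
}

/* Order described in the commit message: free first, clear afterwards. */
static int teardown_free_then_clear(struct session *s)
{
    free_user(s->user);
    int seen = second_thread_use(s);  /* the other thread runs in this window */
    s->user = NULL;
    return seen;
}

/* Assumed alternative ordering: unpublish under the lock, then free the private copy. */
static int teardown_detach_then_free(struct session *s)
{
    pthread_mutex_lock(&s->lock);
    struct user *u = s->user;
    s->user = NULL;
    pthread_mutex_unlock(&s->lock);
    int seen = second_thread_use(s);  /* same window, nothing left to find */
    free_user(u);
    return seen;
}

int main(void)
{
    struct user a = {0}, b = {0};
    struct session s1 = { &a, PTHREAD_MUTEX_INITIALIZER };
    struct session s2 = { &b, PTHREAD_MUTEX_INITIALIZER };
    printf("free-then-clear: %d\n", teardown_free_then_clear(&s1));
    printf("detach-then-free: %d\n", teardown_detach_then_free(&s2));
    return 0;
}
```

The second ordering is only safe here because the modelled second thread holds the lock for its whole use of the pointer. A reader that copies the pointer and then drops the lock would need a reference count or similar lifetime guarantee.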