ksmbd: Fix refcount leak when invalid session is found on session lookup

When a session is found but its state is not SMB2_SESSION_VALID, It
indicates that no valid session was found, but it is missing to decrement
the reference count acquired by the session lookup, which results in
a reference count leak. This patch fixes the issue by explicitly calling
ksmbd_user_session_put to release the reference to the session.

Cc: stable@vger.kernel.org
Reported-by: Alexandre <roger.andersen@protonmail.com>
Reported-by: Stanislas Polu <spolu@dust.tt>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

diff --git a/fs/smb/server/mgmt/user_session.c b/fs/smb/server/mgmt/user_session.c
index 1c181ef999295736cbd78fa51d75ccca04416522..7d880ff34402e0fe0cbddc0b0a070efac0658695 100644 (file)
--- a/fs/smb/server/mgmt/user_session.c
+++ b/fs/smb/server/mgmt/user_session.c
@@ -325,8 +325,10 @@ struct ksmbd_session *ksmbd_session_lookup_all(struct ksmbd_conn *conn,
        sess = ksmbd_session_lookup(conn, id);
        if (!sess && conn->binding)
                sess = ksmbd_session_lookup_slowpath(id);
-       if (sess && sess->state != SMB2_SESSION_VALID)
+       if (sess && sess->state != SMB2_SESSION_VALID) {
+               ksmbd_user_session_put(sess);
                sess = NULL;
+       }
        return sess;
 }