From: Greg Kroah-Hartman
Date: Sun, 8 Oct 2023 19:44:03 +0000 (+0200)
Subject: 5.15-stable patches
X-Git-Tag: v4.14.327~38
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=61bbd7b2ebc999e8639073a235515930ff415df7;p=thirdparty%2Fkernel%2Fstable-queue.git

5.15-stable patches

added patches:
ksmbd-fix-uaf-in-smb20_oplock_break_ack.patch
---
diff --git a/queue-5.15/ksmbd-fix-uaf-in-smb20_oplock_break_ack.patch b/queue-5.15/ksmbd-fix-uaf-in-smb20_oplock_break_ack.patch
new file mode 100644
index 00000000000..f0b55d61991
--- /dev/null
+++ b/queue-5.15/ksmbd-fix-uaf-in-smb20_oplock_break_ack.patch
@@ -0,0 +1,34 @@
+From c69813471a1ec081a0b9bf0c6bd7e8afd818afce Mon Sep 17 00:00:00 2001
+From: luosili
+Date: Wed, 4 Oct 2023 18:29:36 +0900
+Subject: ksmbd: fix uaf in smb20_oplock_break_ack
+
+From: luosili
+
+commit c69813471a1ec081a0b9bf0c6bd7e8afd818afce upstream.
+
+drop reference after use opinfo.
+
+Signed-off-by: luosili
+Signed-off-by: Namjae Jeon
+Signed-off-by: Steve French
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/ksmbd/smb2pdu.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/fs/ksmbd/smb2pdu.c
++++ b/fs/ksmbd/smb2pdu.c
+@@ -8058,10 +8058,10 @@ static void smb20_oplock_break_ack(struc
+ goto err_out;
+ }
+
+- opinfo_put(opinfo);
+- ksmbd_fd_put(work, fp);
+ opinfo->op_state = OPLOCK_STATE_NONE;
+ wake_up_interruptible_all(&opinfo->oplock_q);
++ opinfo_put(opinfo);
++ ksmbd_fd_put(work, fp);
+
+ rsp->StructureSize = cpu_to_le16(24);
+ rsp->OplockLevel = rsp_oplevel;
diff --git a/queue-5.15/series b/queue-5.15/series
index 1bfa7662279..0205732d7a7 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -71,3 +71,4 @@ rdma-cma-fix-truncation-compilation-warning-in-make_cma_ports.patch
 rdma-uverbs-fix-typo-of-sizeof-argument.patch
 rdma-siw-fix-connection-failure-handling.patch
 rdma-mlx5-fix-null-string-error.patch
+ksmbd-fix-uaf-in-smb20_oplock_break_ack.patch
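Review bot: In the queued fs/ksmbd/smb2pdu.c hunk, the reordered lines in smb20_oplock_break_ack() carry no comment explaining why the two puts must come last, and the commit text ("drop reference after use opinfo") does not spell out the lifetime rule either. The new order writes `opinfo->op_state` and wakes `opinfo->oplock_q` before calling `opinfo_put(opinfo)`, so presumably the put can release the last reference; a one-line comment above the puts, such as `/* opinfo is dereferenced above; drop the references only after the wake-up */`, would keep a later cleanup from moving them back. The function starts and ends outside the hunk, so the `err_out` path and any other use of opinfo or fp after a put cannot be checked from here and are worth confirming against the full 5.15 file.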