git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Steve French <smfrench@gmail.com>
	Fri, 20 Apr 2018 17:19:07 +0000 (12:19 -0500)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sun, 29 Apr 2018 05:50:01 +0000 (07:50 +0200)
commit	5f3a3e86bede7d16c5e4250870402707be40a3fd
tree	46583342923ae9dc5b2b1ee124620607a74e6acb	tree \| snapshot
parent	8e2def054b2b088d18d7009aecf470aa62ab360e	commit \| diff

cifs: do not allow creating sockets except with SMB1 posix exensions

commit 1d0cffa674cfa7d185a302c8c6850fc50b893bed upstream.

RHBZ: 1453123

Since at least the 3.10 kernel and likely a lot earlier we have
not been able to create unix domain sockets in a cifs share
when mounted using the SFU mount option (except when mounted
with the cifs unix extensions to Samba e.g.)
Trying to create a socket, for example using the af_unix command from
xfstests will cause :
BUG: unable to handle kernel NULL pointer dereference at 00000000
00000040

Since no one uses or depends on being able to create unix domains sockets
on a cifs share the easiest fix to stop this vulnerability is to simply
not allow creation of any other special files than char or block devices
when sfu is used.

Added update to Ronnie's patch to handle a tcon link leak, and
to address a buf leak noticed by Gustavo and Colin.

Acked-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
CC: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
Reported-by: Eryu Guan <eguan@redhat.com>
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <smfrench@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>