]> Git Repo - linux.git/commitdiff
smb: client: fix potential UAF in smb2_is_valid_lease_break()
authorPaulo Alcantara <[email protected]>
Tue, 2 Apr 2024 19:33:58 +0000 (16:33 -0300)
committerSteve French <[email protected]>
Wed, 3 Apr 2024 19:43:45 +0000 (14:43 -0500)
Skip sessions that are being teared down (status == SES_EXITING) to
avoid UAF.

Cc: [email protected]
Signed-off-by: Paulo Alcantara (Red Hat) <[email protected]>
Signed-off-by: Steve French <[email protected]>
fs/smb/client/smb2misc.c

index 82b84a4941dd2f05e8d516b54b6a209dbd7985d1..ed6d033dce96dd0932a985f96e684b35294fe367 100644 (file)
@@ -622,6 +622,8 @@ smb2_is_valid_lease_break(char *buffer, struct TCP_Server_Info *server)
        /* look up tcon based on tid & uid */
        spin_lock(&cifs_tcp_ses_lock);
        list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) {
+               if (cifs_ses_exiting(ses))
+                       continue;
                list_for_each_entry(tcon, &ses->tcon_list, tcon_list) {
                        spin_lock(&tcon->open_file_lock);
                        cifs_stats_inc(
This page took 0.055118 seconds and 4 git commands to generate.