| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250415020212.320762-1-donghua.liu@windriver.com>
Date: Tue, 15 Apr 2025 10:02:12 +0800
From: Cliff Liu <donghua.liu@...driver.com>
To: stable@...r.kernel.org
Cc: sfrench@...ba.org, linux-cifs@...r.kernel.org,
samba-technical@...ts.samba.org, linux-kernel@...r.kernel.org,
Zhe.He@...driver.com, donghua.liu@...driver.com
Subject: [PATCH 5.15.y] smb: client: fix potential UAF in is_valid_oplock_break()
From: Paulo Alcantara <pc@...guebit.com>
[ Upstream commit 69ccf040acddf33a3a85ec0f6b45ef84b0f7ec29 ]
Skip sessions that are being teared down (status == SES_EXITING) to
avoid UAF.
Cc: stable@...r.kernel.org
Signed-off-by: Paulo Alcantara (Red Hat) <pc@...guebit.com>
Signed-off-by: Steve French <stfrench@...rosoft.com>
[Minor context change fixed]
Signed-off-by: Cliff Liu <donghua.liu@...driver.com>
Signed-off-by: He Zhe <Zhe.He@...driver.com>
---
Verified the build test.
---
fs/cifs/misc.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c
index 33328eae03d7..c7e2bf7a0a0d 100644
--- a/fs/cifs/misc.c
+++ b/fs/cifs/misc.c
@@ -464,6 +464,8 @@ is_valid_oplock_break(char *buffer, struct TCP_Server_Info *srv)
spin_lock(&cifs_tcp_ses_lock);
list_for_each(tmp, &srv->smb_ses_list) {
ses = list_entry(tmp, struct cifs_ses, smb_ses_list);
+ if (cifs_ses_exiting(ses))
+ continue;
list_for_each(tmp1, &ses->tcon_list) {
tcon = list_entry(tmp1, struct cifs_tcon, tcon_list);
if (tcon->tid != buf->Tid)
--
2.34.1
Powered by blists - more mailing lists