]> git.proxmox.com Git - mirror_ubuntu-kernels.git/commit
projects / mirror_ubuntu-kernels.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ed27040) | patch
ksmbd: validate session id and tree id in the compound request
authorNamjae Jeon <linkinjeon@kernel.org>
Thu, 15 Jun 2023 13:05:29 +0000 (22:05 +0900)
committerRoxana Nicolescu <roxana.nicolescu@canonical.com>
Mon, 2 Oct 2023 15:19:15 +0000 (17:19 +0200)
commit49e4f14e6b8287059abead8147f80d463cf96635
tree6fd787394ae6cf668f8348086b5318f394f20f8ctree
parented270402a649a4db9c9d5e3ba5a2a19b4035a433commit | diff
ksmbd: validate session id and tree id in the compound request

BugLink: https://bugs.launchpad.net/bugs/2033931
commit 5005bcb4219156f1bf7587b185080ec1da08518e upstream.

This patch validate session id and tree id in compound request.
If first operation in the compound is SMB2 ECHO request, ksmbd bypass
session and tree validation. So work->sess and work->tcon could be NULL.
If secound request in the compound access work->sess or tcon, It cause
NULL pointer dereferecing error.

Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21165
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
fs/ksmbd/server.c diff | blob | blame | history
fs/ksmbd/smb2pdu.c diff | blob | blame | history
Ubuntu combined Linux kernel mirror