linux-stable/fs/ksmbd
Namjae Jeon de428966b4 ksmbd: fix racy issue from smb2 close and logoff with multichannel
[ Upstream commit abcc506a9a ]

When an smb client sends concurrent smb2 close and logoff requests
with a multichannel connection, it can cause a racy issue. The logoff request
frees tcon and can cause UAF issues in smb2 close. When receiving a logoff
request with multichannel, ksmbd should wait until all remaining requests
complete as well as ones in the current connection, and then make
the session expired.

Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20796 ZDI-CAN-20595
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-05-17 13:58:55 +02:00
mgmt ksmbd: fix racy issue from smb2 close and logoff with multichannel 2023-05-17 13:58:55 +02:00
Kconfig
Makefile
asn1.c
asn1.h
auth.c ksmbd: fix deadlock in ksmbd_find_crypto_ctx() 2023-05-11 23:10:54 +09:00
auth.h ksmbd: fix encryption failure issue for session logoff response 2022-10-05 01:15:44 -05:00
connection.c ksmbd: fix racy issue from smb2 close and logoff with multichannel 2023-05-17 13:58:55 +02:00
connection.h ksmbd: fix racy issue from smb2 close and logoff with multichannel 2023-05-17 13:58:55 +02:00
crypto_ctx.c
crypto_ctx.h
glob.h
ksmbd_netlink.h ksmbd: add max connections parameter 2023-01-20 15:27:48 -06:00
ksmbd_spnego_negtokeninit.asn1
ksmbd_spnego_negtokentarg.asn1
ksmbd_work.c
ksmbd_work.h
misc.c ksmbd: validate share name from share config response 2022-10-05 01:15:44 -05:00
misc.h ksmbd: validate share name from share config response 2022-10-05 01:15:44 -05:00
ndr.c ksmbd: downgrade ndr version error message to debug 2023-01-25 18:31:18 -06:00
ndr.h
nterr.h
ntlmssp.h treewide: Replace zero-length arrays with flexible-array members 2022-02-17 07:00:39 -06:00
oplock.c ksmbd: set file permission mode to match Samba server posix extension behavior 2022-10-05 01:15:44 -05:00
oplock.h ksmbd: remove filename in ksmbd_file 2022-04-14 20:56:13 -05:00
server.c ksmbd: fix racy issue from session setup and logoff 2023-05-17 13:58:55 +02:00
server.h ksmbd: add max connections parameter 2023-01-20 15:27:48 -06:00
smb2misc.c ksmbd: do not allow the actual frame length to be smaller than the rfc1002 length 2023-03-10 09:29:28 +01:00
smb2ops.c ksmbd: set SMB2_SESSION_FLAG_ENCRYPT_DATA when enforcing data encryption for this share 2022-12-11 08:33:31 -06:00
smb2pdu.c ksmbd: fix racy issue from smb2 close and logoff with multichannel 2023-05-17 13:58:55 +02:00
smb2pdu.h ksmbd: destroy expired sessions 2023-05-17 13:58:55 +02:00
smb_common.c ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr 2023-04-13 17:02:47 +02:00
smb_common.h ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr 2023-04-13 17:02:47 +02:00
smbacl.c fs: rename current get acl method 2022-10-20 10:13:27 +02:00
smbacl.h ksmbd: port to vfs{g,u}id_t and associated helpers 2022-10-05 01:15:37 -05:00
smbfsctl.h
smbstatus.h
transport_ipc.c ksmbd: add max connections parameter 2023-01-20 15:27:48 -06:00
transport_ipc.h
transport_rdma.c ksmbd: don't terminate inactive sessions after a few seconds 2023-03-30 12:51:38 +02:00
transport_rdma.h ksmbd: fix wrong smbd max read/write size check 2022-05-21 15:01:43 -05:00
transport_tcp.c ksmbd: fix racy issue from session setup and logoff 2023-05-17 13:58:55 +02:00
transport_tcp.h
unicode.c
unicode.h ksmbd: casefold utf-8 share names and fix ascii lowercase conversion 2022-10-05 01:15:37 -05:00
uniupr.h
vfs.c fs.acl.rework.v6.2 2022-12-12 18:46:39 -08:00
vfs.h fs: pass dentry to set acl method 2022-10-19 12:55:42 +02:00
vfs_cache.c ksmbd: fix possible memory leak in smb2_lock() 2023-03-10 09:29:28 +01:00
vfs_cache.h ksmbd: remove filename in ksmbd_file 2022-04-14 20:56:13 -05:00
xattr.h treewide: Replace zero-length arrays with flexible-array members 2022-02-17 07:00:39 -06:00