mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-22 10:31:08 +00:00
Code Issues Releases Wiki Activity
linux-stable/fs/ksmbd
History
Namjae Jeon 4aba9ab6a0 ksmbd: fix racy issue from smb2 close and logoff with multichannel 
[ Upstream commit abcc506a9a ]

When smb client send concurrent smb2 close and logoff request
with multichannel connection, It can cause racy issue. logoff request
free tcon and can cause UAF issues in smb2 close. When receiving logoff
request with multichannel, ksmbd should wait until all remaning requests
complete as well as ones in the current connection, and then make
session expired.

Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20796 ZDI-CAN-20595
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-05-17 11:53:57 +02:00
..
mgmt ksmbd: fix racy issue from smb2 close and logoff with multichannel 2023-05-17 11:53:57 +02:00
asn1.c ksmbd: use oid registry functions to decode OIDs 2021-12-28 22:47:22 -06:00
asn1.h
auth.c ksmbd: fix deadlock in ksmbd_find_crypto_ctx() 2023-05-11 23:03:04 +09:00
auth.h ksmbd: fix encryption failure issue for session logoff response 2022-10-05 01:15:44 -05:00
connection.c ksmbd: fix racy issue from smb2 close and logoff with multichannel 2023-05-17 11:53:57 +02:00
connection.h ksmbd: fix racy issue from smb2 close and logoff with multichannel 2023-05-17 11:53:57 +02:00
crypto_ctx.c ksmbd: remove NTLMv1 authentication 2021-09-29 16:17:34 -05:00
crypto_ctx.h ksmbd: remove NTLMv1 authentication 2021-09-29 16:17:34 -05:00
glob.h ksmbd: fix version mismatch with out of tree 2021-10-07 10:18:34 -05:00
Kconfig ksmbd: remove md4 leftovers 2021-11-11 19:22:58 -06:00
ksmbd_netlink.h ksmbd: add max connections parameter 2023-02-01 08:34:37 +01:00
ksmbd_spnego_negtokeninit.asn1
ksmbd_spnego_negtokentarg.asn1
ksmbd_work.c ksmbd: Remove redundant 'flush_workqueue()' calls 2021-11-06 23:52:06 -05:00
ksmbd_work.h ksmbd: remove smb2_buf_length in smb2_hdr 2021-11-11 19:22:58 -06:00
Makefile
misc.c ksmbd: validate share name from share config response 2022-10-05 01:15:44 -05:00
misc.h ksmbd: validate share name from share config response 2022-10-05 01:15:44 -05:00
ndr.c ksmbd: downgrade ndr version error message to debug 2023-02-01 08:34:38 +01:00
ndr.h ksmbd: add user namespace support 2021-07-02 16:27:10 +09:00
nterr.h
ntlmssp.h treewide: Replace zero-length arrays with flexible-array members 2022-02-17 07:00:39 -06:00
oplock.c ksmbd: set file permission mode to match Samba server posix extension behavior 2022-10-05 01:15:44 -05:00
oplock.h ksmbd: remove filename in ksmbd_file 2022-04-14 20:56:13 -05:00
server.c ksmbd: fix racy issue from session setup and logoff 2023-05-17 11:53:56 +02:00
server.h ksmbd: add max connections parameter 2023-02-01 08:34:37 +01:00
smb2misc.c ksmbd: do not allow the actual frame length to be smaller than the rfc1002 length 2023-03-10 09:34:07 +01:00
smb2ops.c ksmbd: add support for smb2 max credit parameter 2022-01-10 12:44:19 -06:00
smb2pdu.c ksmbd: fix racy issue from smb2 close and logoff with multichannel 2023-05-17 11:53:57 +02:00
smb2pdu.h ksmbd: destroy expired sessions 2023-05-17 11:53:56 +02:00
smb_common.c ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr 2023-04-13 16:55:29 +02:00
smb_common.h ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr 2023-04-13 16:55:29 +02:00
smbacl.c ksmbd: port to vfs{g,u}id_t and associated helpers 2022-10-05 01:15:37 -05:00
smbacl.h ksmbd: port to vfs{g,u}id_t and associated helpers 2022-10-05 01:15:37 -05:00
smbfsctl.h
smbstatus.h
transport_ipc.c ksmbd: add max connections parameter 2023-02-01 08:34:37 +01:00
transport_ipc.h ksmbd: throttle session setup failures to avoid dictionary attacks 2021-10-20 00:07:10 -05:00
transport_rdma.c ksmbd: don't terminate inactive sessions after a few seconds 2023-03-30 12:49:26 +02:00
transport_rdma.h ksmbd: fix wrong smbd max read/write size check 2022-05-21 15:01:43 -05:00
transport_tcp.c ksmbd: fix racy issue from session setup and logoff 2023-05-17 11:53:56 +02:00
transport_tcp.h
unicode.c
unicode.h ksmbd: casefold utf-8 share names and fix ascii lowercase conversion 2022-10-05 01:15:37 -05:00
uniupr.h
vfs.c vfs: fix copy_file_range() averts filesystem freeze protection 2022-11-25 00:52:28 -05:00
vfs.h ksmbd: make utf-8 file name comparison work in __caseless_lookup() 2022-10-05 01:15:44 -05:00
vfs_cache.c ksmbd: fix possible memory leak in smb2_lock() 2023-03-10 09:34:07 +01:00
vfs_cache.h ksmbd: remove filename in ksmbd_file 2022-04-14 20:56:13 -05:00
xattr.h treewide: Replace zero-length arrays with flexible-array members 2022-02-17 07:00:39 -06:00