Commit 63981561 authored by Paulo Alcantara's avatar Paulo Alcantara Committed by Steve French
Browse files

smb: client: fix potential UAF in smb2_is_network_name_deleted() 



Skip sessions that are being teared down (status == SES_EXITING) to
avoid UAF.

Cc: stable@vger.kernel.org
Signed-off-by: default avatarPaulo Alcantara (Red Hat) <pc@manguebit.com>
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
parent 69ccf040

fs/smb/client/smb2ops.c

+2 −0
Original line number Diff line number Diff line
@@ -2481,6 +2481,8 @@ smb2_is_network_name_deleted(char *buf, struct TCP_Server_Info *server) 


	spin_lock(&cifs_tcp_ses_lock);

	list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) {

		if (cifs_ses_exiting(ses))

			continue;

		list_for_each_entry(tcon, &ses->tcon_list, tcon_list) {

			if (tcon->tid == le32_to_cpu(shdr->Id.SyncId.TreeId)) {

				spin_lock(&tcon->tc_lock);