Commit cafb57f7 authored Dec 14, 2025 by Namjae Jeon Committed by Steve French Dec 14, 2025

ksmbd: Fix refcount leak when invalid session is found on session lookup



When a session is found but its state is not SMB2_SESSION_VALID, It
indicates that no valid session was found, but it is missing to decrement
the reference count acquired by the session lookup, which results in
a reference count leak. This patch fixes the issue by explicitly calling
ksmbd_user_session_put to release the reference to the session.

Cc: stable@vger.kernel.org
Reported-by: Alexandre <roger.andersen@protonmail.com>
Reported-by: Stanislas Polu <spolu@dust.tt>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

parent 8dd2e58b

fs/smb/server/mgmt/user_session.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -325,8 +325,10 @@ struct ksmbd_session ksmbd_session_lookup_all(struct ksmbd_conn conn,
		sess = ksmbd_session_lookup(conn, id);
		if (!sess && conn->binding)
		sess = ksmbd_session_lookup_slowpath(id);
		if (sess && sess->state != SMB2_SESSION_VALID)
		if (sess && sess->state != SMB2_SESSION_VALID) {
		ksmbd_user_session_put(sess);
		sess = NULL;
		}
		return sess;
		}