Skip to content

Commit 69ccf04

Browse files
Paulo Alcantarasmfrench
Paulo Alcantara
authored and
smfrench
committed
smb: client: fix potential UAF in is_valid_oplock_break()
Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF. Cc: [email protected] Signed-off-by: Paulo Alcantara (Red Hat) <[email protected]> Signed-off-by: Steve French <[email protected]>
1 parent 2286348 commit 69ccf04

File tree

1 file changed

+2
-0
lines changed

1 file changed

+2
-0
lines changed

fs/smb/client/misc.c

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -481,6 +481,8 @@ is_valid_oplock_break(char *buffer, struct TCP_Server_Info *srv)
481481
/* look up tcon based on tid & uid */
482482
spin_lock(&cifs_tcp_ses_lock);
483483
list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) {
484+
if (cifs_ses_exiting(ses))
485+
continue;
484486
list_for_each_entry(tcon, &ses->tcon_list, tcon_list) {
485487
if (tcon->tid != buf->Tid)
486488
continue;

0 commit comments

Comments
 (0)