Unverified Commit 1111eda6 authored Jul 19, 2023 by openeuler-ci-bot Committed by Gitee Jul 19, 2023

!1371 [sync] PR-1254: Two CVE fixes of ksmbd

Merge Pull Request from: @openeuler-sync-bot 
 

Origin pull request: 
https://gitee.com/openeuler/kernel/pulls/1254 
 
PR sync from: ZhaoLong Wang <wangzhaolong1@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/OPC4G2ZQN6WR2I5ESDGY65SMYHK4IJAH/ 
CVE fixes:
CVE-2023-32255
CVE-2023-32248

*** BLURB HERE ***

Namjae Jeon (2):
  ksmbd: fix memleak in session setup
  ksmbd: fix NULL pointer dereference in smb2_get_info_filesystem()


-- 
2.31.1
 
 
Link:https://gitee.com/openeuler/kernel/pulls/1371

 

Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

parents b04de11c ab8f8c3f

fs/ksmbd/smb2pdu.c

+7 −0

Original line number	Diff line number	Diff line
		@@ -1801,6 +1801,10 @@ int smb2_sess_setup(struct ksmbd_work *work)
		}
		kfree(sess->Preauth_HashValue);
		sess->Preauth_HashValue = NULL;
		} else {
		pr_info_ratelimited("Unknown NTLMSSP message type : 0x%x\n",
		le32_to_cpu(negblob->MessageType));
		rc = -EINVAL;
		}
		} else {
		/* TODO: need one more negotiation */
		@@ -4863,6 +4867,9 @@ static int smb2_get_info_filesystem(struct ksmbd_work *work,
		int rc = 0, len;
		int fs_infoclass_size = 0;

		if (!share->path)
		return -EIO;

		rc = kern_path(share->path, LOOKUP_NO_SYMLINKS, &path);
		if (rc) {
		pr_err("cannot create vfs path\n");