Commit 2955d957 authored by luosili's avatar luosili Committed by Long Li
Browse files

ksmbd: fix uaf in smb20_oplock_break_ack 

stable inclusion
from stable-v5.15.81
commit 694e13732e830cbbfedb562e57f28644927c33fd
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I94P2I
CVE: CVE-2023-52479

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=694e13732e830cbbfedb562e57f28644927c33fd



--------------------------------

commit c6981347 upstream.

drop reference after use opinfo.

Signed-off-by: default avatarluosili <rootlab@huawei.com>
Signed-off-by: default avatarNamjae Jeon <linkinjeon@kernel.org>
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarLong Li <leo.lilong@huawei.com>
parent 0b6927f0

fs/ksmbd/smb2pdu.c

+2 −2
Original line number Diff line number Diff line
@@ -8034,10 +8034,10 @@ static void smb20_oplock_break_ack(struct ksmbd_work *work) 
		goto err_out;

	}



	opinfo_put(opinfo);

	ksmbd_fd_put(work, fp);

	opinfo->op_state = OPLOCK_STATE_NONE;

	wake_up_interruptible_all(&opinfo->oplock_q);

	opinfo_put(opinfo);

	ksmbd_fd_put(work, fp);



	rsp->StructureSize = cpu_to_le16(24);

	rsp->OplockLevel = rsp_oplevel;