ksmbd: validate session id and tree id in the compound request

stable inclusion
from stable-v5.15.121
commit eb947403518ea3d93f6d89264bb1f5416bb0c7d0
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I7T0US
CVE: CVE-2023-3866

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eb947403518ea3d93f6d89264bb1f5416bb0c7d0

----------------------------------------

commit 5005bcb4 upstream.

This patch validates session id and tree id in compound request.
If first operation in the compound is SMB2 ECHO request, ksmbd bypasses
session and tree validation. So work->sess and work->tcon could be NULL.
If second request in the compound accesses work->sess or tcon, it causes
NULL pointer dereferencing error.

Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21165
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Zhong Jinghua <zhongjinghua@huawei.com>
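
The failure mode described in the commit message, as an added example that is not the kernel's code or part of this patch: a simplified user-space C model of per-request session validation inside a compound. All names (`check_session`, `process_compound`, `RELATED_ID`, the status values, the sample session id) are hypothetical, and only the session half is modelled.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified user-space model; every name here is hypothetical, not ksmbd's. */
enum cmd { CMD_ECHO, CMD_READ };
enum status { ST_OK = 0, ST_INVALID_PARAMETER = -1, ST_USER_SESSION_DELETED = -2 };
struct session { uint64_t id; };
struct request { enum cmd cmd; uint64_t session_id; };
struct work { struct session *sess; };  /* state shared by one compound */
#define RELATED_ID UINT64_MAX           /* "reuse the previous request's id" */

static struct session known = { .id = 0x1001 };  /* constructed sample session */

static struct session *lookup_session(uint64_t id)
{
    return id == known.id ? &known : NULL;
}

/* Validate the session for request number idx of a compound. */
static enum status check_session(struct work *w, const struct request *r, size_t idx)
{
    if (r->cmd == CMD_ECHO)
        return ST_OK;               /* ECHO needs no session; w->sess is untouched */
    if (idx == 0) {
        w->sess = lookup_session(r->session_id);
        return w->sess ? ST_OK : ST_USER_SESSION_DELETED;
    }
    /* Later requests: never assume the first one established a session. */
    if (!w->sess)
        return ST_INVALID_PARAMETER;
    if (r->session_id != RELATED_ID && r->session_id != w->sess->id)
        return ST_INVALID_PARAMETER;
    return ST_OK;
}

/* Process a compound; stop at the first request that fails validation. */
static enum status process_compound(const struct request *reqs, size_t n)
{
    struct work w = { .sess = NULL };
    for (size_t i = 0; i < n; i++) {
        enum status st = check_session(&w, &reqs[i], i);
        if (st != ST_OK)
            return st;
        /* a handler that dereferences w.sess would run only after this check */
    }
    return ST_OK;
}
```

Without the `!w->sess` test, an ECHO followed by a session-dependent request would reach the handler with a NULL session pointer, which is the condition the commit message describes.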