Commit d339adc1 authored by Aurelien Aptel, committed by Steve French

CIFS: fix use-after-free of the lease keys



The request buffers are freed right before copying the pointers.
Use the func args instead which are identical and still valid.

Simple reproducer (requires KASAN enabled) on a cifs mount:

echo foo > foo ; tail -f foo & rm foo

Cc: <stable@vger.kernel.org> # 4.20
Fixes: 179e44d4 ("smb3: add tracepoint for sending lease break responses to server")
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Paulo Alcantara <palcantara@suse.de>
parent 082aaa87
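
The ordering bug described in the commit message, as an added userspace model (not the kernel code from this commit). The struct `lease_ack_req`, the one-slot pool, `req_alloc`, `req_release` and the sample key are hypothetical; release is modelled as poisoning the buffer with 0x6b so the stale read is observable without undefined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POISON_FREE 0x6b  /* byte the kernel slab poisoner writes into freed objects */

struct lease_ack_req { uint8_t LeaseKey[16]; };  /* hypothetical, reduced request */
static struct lease_ack_req pool_slot;           /* one-slot stand-in for the buffer pool */
static const uint8_t sample_key[16] = {          /* constructed sample lease key */
    1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };

static struct lease_ack_req *req_alloc(void) {
    memset(&pool_slot, 0, sizeof(pool_slot));
    return &pool_slot;
}

/* Model of releasing the request: its contents are invalid from here on. */
static void req_release(struct lease_ack_req *req) {
    memset(req, POISON_FREE, sizeof(*req));
}

static uint64_t load64(const uint8_t *p) {
    uint64_t v;
    memcpy(&v, p, sizeof(v));
    return v;
}

/* Before the fix: the key is picked up from the request after release. */
uint64_t key_low_before_fix(const uint8_t *lease_key) {
    struct lease_ack_req *req = req_alloc();
    memcpy(req->LeaseKey, lease_key, sizeof(req->LeaseKey));
    /* ... request would be sent here ... */
    req_release(req);
    return load64(req->LeaseKey);  /* stale read: poison, not the key */
}

/* After the fix: use the function argument, which is identical and still valid. */
uint64_t key_low_after_fix(const uint8_t *lease_key) {
    struct lease_ack_req *req = req_alloc();
    memcpy(req->LeaseKey, lease_key, sizeof(req->LeaseKey));
    req_release(req);
    return load64(lease_key);
}

int main(void) {
    printf("before fix: %016llx\n", (unsigned long long)key_low_before_fix(sample_key));
    printf("after fix:  %016llx\n", (unsigned long long)key_low_after_fix(sample_key));
    return 0;
}
```

In the kernel the released buffer may be reused rather than poisoned, so the stale read can return plausible-looking data, which is why the reproducer needs KASAN to flag it.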