linux-kernelorg-stable/fs/smb/server
Namjae Jeon cce57cd8c5 ksmbd: fix null pointer dereference in alloc_preauth_hash()
commit c8b5b7c5da upstream.

The client sends a malformed smb2 negotiate request. ksmbd returns an error
response. Subsequently, the client can send smb2 session setup even
though conn->preauth_info is not allocated.
This patch adds KSMBD_SESS_NEED_SETUP status of connection to ignore
session setup request if smb2 negotiate phase is not complete.

Cc: stable@vger.kernel.org
Tested-by: Steve French <stfrench@microsoft.com>
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-26505
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Jan Alexander Preissler <akendo@akendo.eu>
Signed-off-by: Sujana Subramaniam <sujana.subramaniam@sap.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-09-19 16:32:08 +02:00
..
mgmt ksmbd: fix null pointer dereference in alloc_preauth_hash() 2025-09-19 16:32:08 +02:00
Kconfig
Makefile
asn1.c
asn1.h
auth.c
auth.h
connection.c smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy() 2025-08-28 16:28:44 +02:00
connection.h ksmbd: fix null pointer dereference in alloc_preauth_hash() 2025-09-19 16:32:08 +02:00
crypto_ctx.c
crypto_ctx.h
glob.h
ksmbd_netlink.h
ksmbd_spnego_negtokeninit.asn1
ksmbd_spnego_negtokentarg.asn1
ksmbd_work.c
ksmbd_work.h
misc.c
misc.h
ndr.c
ndr.h
nterr.h
ntlmssp.h
oplock.c
oplock.h
server.c
server.h
smb2misc.c
smb2ops.c
smb2pdu.c ksmbd: fix null pointer dereference in alloc_preauth_hash() 2025-09-19 16:32:08 +02:00
smb2pdu.h
smb_common.c
smb_common.h
smbacl.c
smbacl.h
smbfsctl.h
smbstatus.h
transport_ipc.c
transport_ipc.h
transport_rdma.c smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy() 2025-08-28 16:28:44 +02:00
transport_rdma.h smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy() 2025-08-28 16:28:44 +02:00
transport_tcp.c
transport_tcp.h
unicode.c
unicode.h
vfs.c
vfs.h
vfs_cache.c
vfs_cache.h
xattr.h