diff options
| author | Namjae Jeon <[email protected]> | 2023-05-19 23:09:48 +0900 | 
|---|---|---|
| committer | Steve French <[email protected]> | 2023-05-26 20:27:46 -0500 | 
| commit | 36322523dddb11107e9f7f528675a0dec2536103 (patch) | |
| tree | 5cbdf837cda3e64fde146a6712f106d9bfe5939a /tools/testing/selftests/bpf/progs/recvmsg_unix_prog.c | |
| parent | 0512a5f89e1fae74251fde6893ff634f1c96c6fb (diff) | |
ksmbd: fix UAF issue from opinfo->conn
If opinfo->conn is another connection and while ksmbd send oplock break
request to cient on current connection, The connection for opinfo->conn
can be disconnect and conn could be freed. When sending oplock break
request, this ksmbd_conn can be used and cause user-after-free issue.
When getting opinfo from the list, ksmbd check connection is being
released. If it is not released, Increase ->r_count to wait that connection
is freed.
Cc: [email protected]
Reported-by: Per Forlin <[email protected]>
Tested-by: Per Forlin <[email protected]>
Signed-off-by: Namjae Jeon <[email protected]>
Signed-off-by: Steve French <[email protected]>
Diffstat (limited to 'tools/testing/selftests/bpf/progs/recvmsg_unix_prog.c')
0 files changed, 0 insertions, 0 deletions