Commit 1fca8038 authored by Marios Makassikis, committed by Steve French

cifsd: Fix potential null-ptr-deref in destroy_previous_session()

The user field in the session structure is allocated when the client is
authenticated. If the client explicitly logs off, the user field is freed,
but the session is kept around in case the user reconnects. If the TCP
connection hasn't been closed and the client sends a session setup with
a PreviousSessionId set, destroy_previous_session() will be called to
check if the session needs to be cleaned up.
Signed-off-by: Marios Makassikis <mmakassikis@freebox.fr>
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Parent e7735c85
...@@ -619,7 +619,8 @@ static void destroy_previous_session(struct ksmbd_user *user, u64 id) ...@@ -619,7 +619,8 @@ static void destroy_previous_session(struct ksmbd_user *user, u64 id)
prev_user = prev_sess->user; prev_user = prev_sess->user;
if (strcmp(user->name, prev_user->name) || if (!prev_user ||
strcmp(user->name, prev_user->name) ||
user->passkey_sz != prev_user->passkey_sz || user->passkey_sz != prev_user->passkey_sz ||
memcmp(user->passkey, prev_user->passkey, user->passkey_sz)) { memcmp(user->passkey, prev_user->passkey, user->passkey_sz)) {
put_session(prev_sess); put_session(prev_sess);
......
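Review bot: the new `!prev_user` test at the head of the `if` condition has no comment explaining why `prev_sess->user` can be NULL at this point, and the commit message describes the logoff scenario but stops before saying that the old condition dereferenced that pointer in `prev_user->name`. A short comment above the condition, for example `/* user is freed on logoff while the session is kept */`, would keep the check from being removed in a later cleanup. Two things are worth confirming against the rest of the function. First, that taking the `put_session(prev_sess)` branch for a logged-off session is the intended outcome, since in the visible lines that branch handles it the same way as a name or passkey mismatch. Second, that the read of `prev_sess->user` is serialized against the logoff path that frees it, because the NULL test only helps if the pointer cannot be freed between the test and the `strcmp()`/`memcmp()` calls that follow it.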