ksmbd: fix memleak in session setup
mainline inclusion from mainline-v6.4-rc1 commit 6d7cb549 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I74FG3 CVE: CVE-2023-32255 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6d7cb549c2ca20e1f07593f15e936fd54b763028 -------------------------------- If client send session setup request with unknown NTLMSSP message type, session that does not included channel can be created. It will cause session memleak. because ksmbd_sessions_deregister() does not destroy session if channel is not included. This patch return error response if client send the request unknown NTLMSSP message type. Cc: stable@vger.kernel.org Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20593 Signed-off-by: NNamjae Jeon <linkinjeon@kernel.org> Signed-off-by: NSteve French <stfrench@microsoft.com> Signed-off-by: NZhaoLong Wang <wangzhaolong1@huawei.com> (cherry picked from commit 140fce8f)
Showing
想要评论请 注册 或 登录