github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-05-23 06:31:58 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph

three ksmbd server fixes

Browse Source 
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAmoGfMUACgkQiiy9cAdy
 T1EoHgv/R82Vg16H+cNsL+o9vY4O/so59lbqLnkTAFDKhrNR5wPWjWuomQ/8Kq9d
 u4Atc6bt/cqvhjNSrI46xlecZt+ArpmXXtW0fREYmrFPdIJaQFmjA5jjabI3jxVT
 QTmwXFKdB2MhUIQIXBByrko/AIqpzJkrOM9EAP/0zHvuahBBEJUs2k+IjuI2yNhD
 LVPTMrOlSqWGYVSPsqnLnUpa//sHV3NBSsonKQOTtvQYdacRzY+20AbSiczkMxmo
 JOR839XkaxP0nUfUIxBtwguNvOgxKfJ+X4nEiKVA9cDo0yK9djOm8SeQshz/YmOq
 1BXB94DiaWQRtkSRAs3XqgXfT53EiA0xa6DBg4JIBllAuGGlCyoa9Db4rzWGeY+/
 S2zfGxxDOeAH0pddEqUWLfcgufyBTK5on20+YYQZx6njn3NYatMI/HC5KfgsfrTJ
 i+/r06/foVQrbIA6pGeaCwwyQvNar8pS8SHbARmaC4N1jvgoMVEvs7tv/pPKA2Bt
 at23kXHC
 =TmyE
 -----END PGP SIGNATURE-----

Merge tag 'v7.1-rc4-ksmbd-server-fixes' of git://git.samba.org/ksmbd

Pull smb server fixes from Steve French:

 - Fix two null pointer dereferences and a memory leak

* tag 'v7.1-rc4-ksmbd-server-fixes' of git://git.samba.org/ksmbd:
  ksmbd: fix null pointer dereference in compare_guid_key()
  ksmbd: fix null pointer dereference in proc_show_files()
  ksmbd: fix SID memory leak in set_posix_acl_entries_dacl() on overflow
This commit is contained in:
Linus Torvalds 2026-05-19 09:49:32 -07:00
commit 1a2ab0feaa
3 changed files with 15 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
fs/smb/server/oplock.c
View File

@ -481,8 +481,12 @@ static inline int compare_guid_key(struct oplock_info *opinfo,
const char *guid1, const char *key1)
{
const char *guid2, *key2;
struct ksmbd_conn *conn;
guid2 = opinfo->conn->ClientGUID;
conn = READ_ONCE(opinfo->conn);
if (!conn)
return 0;
guid2 = conn->ClientGUID;
key2 = opinfo->o_lease->lease_key;
if (!memcmp(guid1, guid2, SMB2_CLIENT_GUID_SIZE) &&
!memcmp(key1, key2, SMB2_LEASE_KEY_SIZE))

12
fs/smb/server/smbacl.c
View File

@ -643,8 +643,10 @@ static void set_posix_acl_entries_dacl(struct mnt_idmap *idmap,
ntace = (struct smb_ace *)((char *)pndace + *size);
ace_sz = fill_ace_for_sid(ntace, sid, ACCESS_ALLOWED, flags,
pace->e_perm, 0777);
if (check_add_overflow(*size, ace_sz, size))
if (check_add_overflow(*size, ace_sz, size)) {
kfree(sid);
break;
}
(*num_aces)++;
if (pace->e_tag == ACL_USER)
ntace->access_req |=
@ -655,8 +657,10 @@ static void set_posix_acl_entries_dacl(struct mnt_idmap *idmap,
ntace = (struct smb_ace *)((char *)pndace + *size);
ace_sz = fill_ace_for_sid(ntace, sid, ACCESS_ALLOWED,
0x03, pace->e_perm, 0777);
if (check_add_overflow(*size, ace_sz, size))
if (check_add_overflow(*size, ace_sz, size)) {
kfree(sid);
break;
}
(*num_aces)++;
if (pace->e_tag == ACL_USER)
ntace->access_req |=
@ -698,8 +702,10 @@ static void set_posix_acl_entries_dacl(struct mnt_idmap *idmap,
ntace = (struct smb_ace *)((char *)pndace + *size);
ace_sz = fill_ace_for_sid(ntace, sid, ACCESS_ALLOWED, 0x0b,
pace->e_perm, 0777);
if (check_add_overflow(*size, ace_sz, size))
if (check_add_overflow(*size, ace_sz, size)) {
kfree(sid);
break;
}
(*num_aces)++;
if (pace->e_tag == ACL_USER)
ntace->access_req |=

2
fs/smb/server/vfs_cache.c
View File

@ -81,7 +81,7 @@ static int proc_show_files(struct seq_file *m, void *v)
read_lock(&global_ft.lock);
idr_for_each_entry(global_ft.idr, fp, id) {
seq_printf(m, "%#-10x %#-10llx %#-10llx %#-10x",
fp->tcon->id,
fp->tcon ? fp->tcon->id : 0,
fp->persistent_id,
fp->volatile_id,
atomic_read(&fp->refcount));