mirrors/linux
2
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-05-21 07:55:15 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge tag 'v7.1-rc4-ksmbd-server-fixes' of git://git.samba.org/ksmbd

Browse Source 
Pull smb server fixes from Steve French:

 - Fix two null pointer dereferences and a memory leak

* tag 'v7.1-rc4-ksmbd-server-fixes' of git://git.samba.org/ksmbd:
  ksmbd: fix null pointer dereference in compare_guid_key()
  ksmbd: fix null pointer dereference in proc_show_files()
  ksmbd: fix SID memory leak in set_posix_acl_entries_dacl() on overflow
This commit is contained in:
Linus Torvalds
2026-05-19 09:49:32 -07:00
parent 0c0b282d50 4b83cbc4c1
commit 1a2ab0feaa
3 changed files with 15 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
fs/smb/server/oplock.c
View File

@@ -481,8 +481,12 @@ static inline int compare_guid_key(struct oplock_info *opinfo,
const char *guid1, const char *key1)
{
const char *guid2, *key2;
struct ksmbd_conn *conn;
guid2 = opinfo->conn->ClientGUID;
conn = READ_ONCE(opinfo->conn);
if (!conn)
return 0;
guid2 = conn->ClientGUID;
key2 = opinfo->o_lease->lease_key;
if (!memcmp(guid1, guid2, SMB2_CLIENT_GUID_SIZE) &&
!memcmp(key1, key2, SMB2_LEASE_KEY_SIZE))

12
fs/smb/server/smbacl.c
View File

@@ -643,8 +643,10 @@ static void set_posix_acl_entries_dacl(struct mnt_idmap *idmap,
ntace = (struct smb_ace *)((char *)pndace + *size);
ace_sz = fill_ace_for_sid(ntace, sid, ACCESS_ALLOWED, flags,
pace->e_perm, 0777);
if (check_add_overflow(*size, ace_sz, size))
if (check_add_overflow(*size, ace_sz, size)) {
kfree(sid);
break;
}
(*num_aces)++;
if (pace->e_tag == ACL_USER)
ntace->access_req |=
@@ -655,8 +657,10 @@ static void set_posix_acl_entries_dacl(struct mnt_idmap *idmap,
ntace = (struct smb_ace *)((char *)pndace + *size);
ace_sz = fill_ace_for_sid(ntace, sid, ACCESS_ALLOWED,
0x03, pace->e_perm, 0777);
if (check_add_overflow(*size, ace_sz, size))
if (check_add_overflow(*size, ace_sz, size)) {
kfree(sid);
break;
}
(*num_aces)++;
if (pace->e_tag == ACL_USER)
ntace->access_req |=
@@ -698,8 +702,10 @@ static void set_posix_acl_entries_dacl(struct mnt_idmap *idmap,
ntace = (struct smb_ace *)((char *)pndace + *size);
ace_sz = fill_ace_for_sid(ntace, sid, ACCESS_ALLOWED, 0x0b,
pace->e_perm, 0777);
if (check_add_overflow(*size, ace_sz, size))
if (check_add_overflow(*size, ace_sz, size)) {
kfree(sid);
break;
}
(*num_aces)++;
if (pace->e_tag == ACL_USER)
ntace->access_req |=

2
fs/smb/server/vfs_cache.c
View File

@@ -81,7 +81,7 @@ static int proc_show_files(struct seq_file *m, void *v)
read_lock(&global_ft.lock);
idr_for_each_entry(global_ft.idr, fp, id) {
seq_printf(m, "%#-10x %#-10llx %#-10llx %#-10x",
fp->tcon->id,
fp->tcon ? fp->tcon->id : 0,
fp->persistent_id,
fp->volatile_id,
atomic_read(&fp->refcount));