linux/fs/smb/server
Namjae Jeon 38d20c6290 ksmbd: fix UAF issue in ksmbd_tcp_new_connection()
The race is between the handling of a new TCP connection and
its disconnection. It leads to UAF on `struct tcp_transport` in
ksmbd_tcp_new_connection() function.

Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-22991
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
2024-01-14 11:39:49 -06:00
mgmt ksmbd: Remove usage of the deprecated ida_simple_xx() API 2024-01-09 12:52:33 -06:00
asn1.c ksmbd: validate mech token in session setup 2024-01-14 11:39:49 -06:00
asn1.h
auth.c ksmbd: auth: fix most kernel-doc warnings 2024-01-09 12:52:33 -06:00
auth.h
connection.c ksmbd: fix UAF issue in ksmbd_tcp_new_connection() 2024-01-14 11:39:49 -06:00
connection.h ksmbd: fix UAF issue in ksmbd_tcp_new_connection() 2024-01-14 11:39:49 -06:00
crypto_ctx.c
crypto_ctx.h
glob.h
Kconfig ksmbd: remove experimental warning 2023-09-03 21:06:36 -05:00
ksmbd_netlink.h ksmbd: check if a mount point is crossed during path lookup 2023-07-23 10:25:11 -05:00
ksmbd_spnego_negtokeninit.asn1 treewide: Add SPDX identifier to IETF ASN.1 modules 2023-10-27 18:04:28 +08:00
ksmbd_spnego_negtokentarg.asn1 treewide: Add SPDX identifier to IETF ASN.1 modules 2023-10-27 18:04:28 +08:00
ksmbd_work.c ksmbd: release interim response after sending status pending response 2023-11-23 20:50:45 -06:00
ksmbd_work.h ksmbd: fix wrong interim response on compound 2023-08-29 12:30:19 -05:00
Makefile
misc.c
misc.h
ndr.c
ndr.h
nterr.h
ntlmssp.h
oplock.c ksmbd: send lease break notification on FILE_RENAME_INFORMATION 2024-01-09 12:55:07 -06:00
oplock.h ksmbd: lazy v2 lease break on smb2_write() 2023-12-08 10:11:33 -06:00
server.c ksmbd: fix race condition between tree conn lookup and disconnect 2023-10-04 21:56:28 -05:00
server.h
smb2misc.c ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() 2023-12-27 22:55:36 -06:00
smb2ops.c ksmbd: set v2 lease capability 2023-12-05 20:43:23 -06:00
smb2pdu.c ksmbd: validate mech token in session setup 2024-01-14 11:39:49 -06:00
smb2pdu.h ksmbd: replace one-element array with flex-array member in struct smb2_ea_info 2023-08-29 12:30:20 -05:00
smb_common.c ksmbd: validate the zero field of packet header 2024-01-09 12:52:32 -06:00
smb_common.h ksmbd: fix out of bounds in init_smb2_rsp_hdr() 2023-07-23 10:25:11 -05:00
smbacl.c ksmbd: free ppace array on error in parse_dacl 2024-01-09 19:27:36 -06:00
smbacl.h ksmbd: fix possible deadlock in smb2_open 2023-11-23 20:50:45 -06:00
smbfsctl.h
smbstatus.h
transport_ipc.c ksmbd: use kvzalloc instead of kvmalloc 2023-06-26 00:07:04 -05:00
transport_ipc.h
transport_rdma.c ksmbd: fix UAF issue in ksmbd_tcp_new_connection() 2024-01-14 11:39:49 -06:00
transport_rdma.h
transport_tcp.c ksmbd: fix UAF issue in ksmbd_tcp_new_connection() 2024-01-14 11:39:49 -06:00
transport_tcp.h
unicode.c ksmbd: add support for surrogate pair conversion 2023-10-22 19:06:27 -05:00
unicode.h fs/smb: Swing unicode common code from smb->NLS 2023-08-30 08:55:51 -05:00
vfs_cache.c ksmbd: send v2 lease break notification for directory 2023-12-08 10:11:33 -06:00
vfs_cache.h ksmbd: lazy v2 lease break on smb2_write() 2023-12-08 10:11:33 -06:00
vfs.c 11 ksmbd server fixes 2024-01-11 20:27:41 -08:00
vfs.h ksmbd: fix possible deadlock in smb2_open 2023-11-23 20:50:45 -06:00
xattr.h