linux/fs/cifs
Aurelien Aptel d339adc12a CIFS: fix use-after-free of the lease keys
The request buffers are freed right before copying the pointers.
Use the func args instead which are identical and still valid.

Simple reproducer (requires KASAN enabled) on a cifs mount:

echo foo > foo ; tail -f foo & rm foo

Cc: <stable@vger.kernel.org> # 4.20
Fixes: 179e44d49c ("smb3: add tracepoint for sending lease break responses to server")
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Paulo Alcantara <palcantara@suse.de>
2019-01-31 07:03:20 -06:00
asn1.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
cache.c cifs: use 64-bit timestamps for fscache 2018-08-07 14:15:41 -05:00
cifs_debug.c cifs: print CIFSMaxBufSize as part of /proc/fs/cifs/DebugData 2019-01-24 14:52:06 -06:00
cifs_debug.h cifs: minor clarification in comments 2018-10-23 21:16:05 -05:00
cifs_dfs_ref.c cifs: Add support for failover in cifs_mount() 2018-12-28 10:10:29 -06:00
cifs_fs_sb.h cifs: Add support for failover in cifs_reconnect() 2018-12-28 10:13:11 -06:00
cifs_ioctl.h cifs: add IOCTL for QUERY_INFO passthrough to userspace 2018-10-23 21:16:05 -05:00
cifs_spnego.c smb3: on kerberos mount if server doesn't specify auth type use krb5 2018-11-02 14:09:41 -05:00
cifs_spnego.h [CIFS] Rename three structures to avoid camel case 2011-05-27 04:34:02 +00:00
cifs_unicode.c fs/cifs: don't translate SFM_SLASH (U+F026) to backslash 2018-09-02 23:21:42 -05:00
cifs_unicode.h [SMB3] Remove ifdef since SMB3 (and later) now STRONGLY preferred 2017-07-08 18:57:07 -05:00
cifs_uniupr.h
cifsacl.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
cifsacl.h cifs: For SMB2 security information query, check for minimum sized security descriptor instead of sizeof FileAllInformation class 2018-06-04 19:19:24 -05:00
cifsencrypt.c cifs: remove coverity warning in calc_lanman_hash 2018-12-23 22:41:26 -06:00
cifsfs.c cifs: Make use of DFS cache to get new DFS referrals 2018-12-28 10:09:46 -06:00
cifsfs.h cifs: update internal module version number 2019-01-11 07:14:40 -06:00
cifsglob.h CIFS: Fix error paths in writeback code 2019-01-11 07:14:40 -06:00
cifspdu.h smb3: missing defines and structs for reparse point handling 2018-11-02 14:09:41 -05:00
cifsproto.h cifs: Add support for failover in smb2_reconnect() 2018-12-28 10:13:11 -06:00
cifssmb.c CIFS: Fix credits calculations for reads with errors 2019-01-24 14:52:05 -06:00
connect.c CIFS: Do not reconnect TCP session in add_credits() 2019-01-24 14:50:57 -06:00
dfs_cache.c cifs: Fix a tiny potential memory leak 2019-01-10 14:32:30 -06:00
dfs_cache.h cifs: Add DFS cache routines 2018-12-28 10:05:58 -06:00
dir.c cifs: Fix separator when building path from dentry 2018-12-06 02:20:17 -06:00
dns_resolve.c cifs: fix composing of mount options for DFS referrals 2013-05-24 13:08:31 -05:00
dns_resolve.h
export.c [CIFS] cifs: Rename cERROR and cFYI to cifs_dbg 2013-05-04 22:17:23 -05:00
file.c CIFS: Fix possible oops and memory leaks in async IO 2019-01-29 17:19:47 -06:00
fscache.c cifs: use 64-bit timestamps for fscache 2018-08-07 14:15:41 -05:00
fscache.h cifs: use 64-bit timestamps for fscache 2018-08-07 14:15:41 -05:00
inode.c CIFS: Fix error paths in writeback code 2019-01-11 07:14:40 -06:00
ioctl.c cifs: add support for ioctl on directories 2018-10-23 21:16:05 -05:00
Kconfig cifs: Minor Kconfig clarification 2018-12-28 10:13:11 -06:00
link.c smb3: don't request leases in symlink creation and query 2018-08-07 14:15:57 -05:00
Makefile cifs: Add DFS cache routines 2018-12-28 10:05:58 -06:00
misc.c cifs: Add support for failover in smb2_reconnect() 2018-12-28 10:13:11 -06:00
netmisc.c cifs: use timespec64 internally 2018-08-07 14:15:41 -05:00
nterr.c CIFS: Rename 7 error codes to NT_ style 2012-07-24 10:25:10 -05:00
nterr.h CIFS: Rename 7 error codes to NT_ style 2012-07-24 10:25:10 -05:00
ntlmssp.h cifs: dynamic allocation of ntlmssp blob 2016-06-23 23:45:07 -05:00
readdir.c cifs: check ntwrk_buf_start for NULL before dereferencing it 2018-12-23 22:41:31 -06:00
rfc1002pdu.h
sess.c cifs: remove set but not used variable 'smb_buf' 2018-12-23 22:41:20 -06:00
smb1ops.c cifs: Make use of DFS cache to get new DFS referrals 2018-12-28 10:09:46 -06:00
smb2file.c cifs: Fix potential OOB access of lock element array 2019-01-11 07:14:40 -06:00
smb2glob.h cifs: change SMB2_OP_RENAME and SMB2_OP_HARDLINK to use compounding 2018-10-23 21:16:04 -05:00
smb2inode.c CIFS: Fix mounts if the client is low on credits 2019-01-24 14:52:06 -06:00
smb2maperror.c CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem 2018-12-23 22:42:56 -06:00
smb2misc.c smb3: add credits we receive from oplock/break PDUs 2019-01-24 14:52:06 -06:00
smb2ops.c cifs: limit amount of data we request for xattrs to CIFSMaxBufSize 2019-01-29 16:17:25 -06:00
smb2pdu.c CIFS: fix use-after-free of the lease keys 2019-01-31 07:03:20 -06:00
smb2pdu.h cifs: limit amount of data we request for xattrs to CIFSMaxBufSize 2019-01-29 16:17:25 -06:00
smb2proto.h cifs: we can not use small padding iovs together with encryption 2018-12-31 00:58:52 -06:00
smb2status.h CIFS: Add SMB2 status codes 2012-07-24 10:25:13 -05:00
smb2transport.c CIFS: fix uninitialized ptr deref in smb2 signing 2018-08-07 14:30:59 -05:00
smbdirect.c RDMA: Start use ib_device_ops 2018-12-12 07:40:16 -07:00
smbdirect.h cifs: fix SMB1 breakage 2018-07-05 13:48:24 -05:00
smbencrypt.c CIFS: refactor crypto shash/sdesc allocation&free 2018-04-01 20:24:39 -05:00
smberr.h
smbfsctl.h [SMB3] Send durable handle v2 contexts when use of persistent handles required 2015-11-03 09:26:27 -06:00
trace.c smb3: Cleanup license mess 2019-01-24 09:37:33 -06:00
trace.h smb3: Cleanup license mess 2019-01-24 09:37:33 -06:00
transport.c CIFS: Fix credit calculations in compound mid callback 2019-01-24 14:52:06 -06:00
winucase.c [CIFS] quiet sparse compile warning 2013-09-08 14:54:24 -05:00
xattr.c smb3: create smb3 equivalent alias for cifs pseudo-xattrs 2018-08-10 18:46:58 -05:00