From: Nathan French
Date: Sun, 20 Aug 2023 21:43:32 -0500
Subject: [PATCH][ksmbd] fix UAF in ksmbd_alloc_work_struct
To: linux-cifs@vger.kernel.org, linux-kernel@vger.kernel.org, linkinjeon@kernel.org

Content-Disposition: attachment; filename="0001-ksmbd-fix-UAF-in-ksmbd_alloc_work_struct.patch"