git.itanic.dy.fi Git - linux-stable/commit

author	Namjae Jeon <linkinjeon@kernel.org>
	Tue, 2 May 2023 23:42:21 +0000 (08:42 +0900)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 17 May 2023 09:53:56 +0000 (11:53 +0200)
commit	1fc8a2b14ef5223f8e0b95faba2ee0a6e4d0f99d
tree	3def8bb8dba56ba4798ddc24f9ca07badedf6b75	tree \| snapshot
parent	f623f627ad2b1dc215ab3b0df53fb05cfd3a1c3b	commit \| diff

ksmbd: destroy expired sessions

[ Upstream commit ea174a91893956450510945a0c5d1a10b5323656 ]

client can indefinitely send smb2 session setup requests with
the SessionId set to 0, thus indefinitely spawning new sessions,
and causing indefinite memory usage. This patch limit to the number
of sessions using expired timeout and session state.

Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20478
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

fs/ksmbd/mgmt/user_session.c		diff \| blob \| history
fs/ksmbd/mgmt/user_session.h		diff \| blob \| history
fs/ksmbd/smb2pdu.c		diff \| blob \| history
fs/ksmbd/smb2pdu.h		diff \| blob \| history