ksmbd: Fix refcount leak when invalid session is found on session lookup

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

When a session is found but its state is not SMB2_SESSION_VALID, It
indicates that no valid session was found, but it is missing to decrement
the reference count acquired by the session lookup, which results in
a reference count leak. This patch fixes the issue by explicitly calling
ksmbd_user_session_put to release the reference to the session.

Cc: stable@vger.kernel.org
Reported-by: Alexandre <roger.andersen@protonmail.com>
Reported-by: Stanislas Polu <spolu@dust.tt>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

authored by

Namjae Jeon and committed by

Steve French 3 months ago cafb57f7 8dd2e58b

+3 -1

1 changed file

expand all

smb

server

mgmt

user_session.c

+3 -1

fs/smb/server/mgmt/user_session.c

··· 325 325 sess = ksmbd_session_lookup(conn, id); 326 326 if (!sess && conn->binding) 327 327 sess = ksmbd_session_lookup_slowpath(id); 328 - if (sess && sess->state != SMB2_SESSION_VALID) 328 + if (sess && sess->state != SMB2_SESSION_VALID) { 329 + ksmbd_user_session_put(sess); 329 330 sess = NULL; 331 + } 330 332 return sess; 331 333 } 332 334