CIFS: Fix possible use after free in demultiplex thread
author Pavel Shilovsky <pshilov@microsoft.com>
Wed, 1 Mar 2017 00:05:19 +0000 (16:05 -0800)
committer Steve French <smfrench@gmail.com>
Wed, 1 Mar 2017 22:42:40 +0000 (16:42 -0600)
commit 61cfac6f267dabcf2740a7ec8a0295833b28b5f5
tree 308037a3f6b3b5fb7a851a01a53e0c36fbaeb28f
parent 6053dc981449718d90a429933e99b441e1adaea6

The recent changes that added SMB3 encryption support introduced
a possible use after free in the demultiplex thread. When we
process an encrypted packet we obtain a pointer to SMB session
but do not obtain a reference. This can possibly lead to a situation
when this session was freed before we copy a decryption key from
there. Fix this by obtaining a copy of the key rather than a pointer
to the session under a spinlock.

Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Steve French <smfrench@gmail.com>
fs/cifs/smb2ops.c
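
The pattern the commit message describes, modelled in userspace as an added example (this is not the kernel code from the commit): a pthread mutex stands in for the spinlock, and `struct session`, `KEY_SIZE`, `lookup_locked`, `session_find_unsafe` and `session_copy_key` are hypothetical names chosen for illustration.

```c
#include <pthread.h>
#include <stdint.h>
#include <string.h>

#define KEY_SIZE 16                 /* assumed key length for this model */

struct session {                    /* hypothetical stand-in for an SMB session */
    uint64_t id;
    uint8_t dec_key[KEY_SIZE];
    struct session *next;
};

static pthread_mutex_t ses_lock = PTHREAD_MUTEX_INITIALIZER; /* models the spinlock */
static struct session *ses_list;    /* sessions are linked and unlinked under ses_lock */

/* Walk the list for a matching id; the caller must hold ses_lock. */
static struct session *lookup_locked(uint64_t id)
{
    struct session *s = ses_list;
    while (s && s->id != id)
        s = s->next;
    return s;
}

/* Racy shape: the pointer outlives the lock and no reference is taken, so a
 * concurrent teardown can free the session before the caller reads dec_key. */
struct session *session_find_unsafe(uint64_t id)
{
    struct session *s;
    pthread_mutex_lock(&ses_lock);
    s = lookup_locked(id);
    pthread_mutex_unlock(&ses_lock);
    return s;
}

/* Fixed shape: copy the key out while the lock is held. Returns 0 on success
 * and -1 if the session is gone; the caller never holds a session pointer. */
int session_copy_key(uint64_t id, uint8_t key[KEY_SIZE])
{
    struct session *s;
    int rc = -1;
    pthread_mutex_lock(&ses_lock);
    s = lookup_locked(id);
    if (s) {
        memcpy(key, s->dec_key, KEY_SIZE);
        rc = 0;
    }
    pthread_mutex_unlock(&ses_lock);
    return rc;
}
```

The caller of `session_copy_key` works only on its private copy of the key, so the session's lifetime no longer matters once the lock is dropped.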