diff options
author | Namjae Jeon <linkinjeon@kernel.org> | 2023-05-03 01:42:21 +0200 |
---|---|---|
committer | Steve French <stfrench@microsoft.com> | 2023-05-04 06:03:01 +0200 |
commit | ea174a91893956450510945a0c5d1a10b5323656 (patch) | |
tree | ad6c0cf2673430e70277868a0ec072c5849bd191 /fs/ksmbd/smb2pdu.h | |
parent | ksmbd: fix racy issue from session setup and logoff (diff) | |
download | linux-ea174a91893956450510945a0c5d1a10b5323656.tar.xz linux-ea174a91893956450510945a0c5d1a10b5323656.zip |
ksmbd: destroy expired sessions
client can indefinitely send smb2 session setup requests with
the SessionId set to 0, thus indefinitely spawning new sessions,
and causing indefinite memory usage. This patch limit to the number
of sessions using expired timeout and session state.
Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20478
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to '')
-rw-r--r-- | fs/ksmbd/smb2pdu.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/ksmbd/smb2pdu.h b/fs/ksmbd/smb2pdu.h index 9420dd2813fb..977a9ee6a5b3 100644 --- a/fs/ksmbd/smb2pdu.h +++ b/fs/ksmbd/smb2pdu.h @@ -61,6 +61,8 @@ struct preauth_integrity_info { #define SMB2_SESSION_IN_PROGRESS BIT(0) #define SMB2_SESSION_VALID BIT(1) +#define SMB2_SESSION_TIMEOUT (10 * HZ) + struct create_durable_req_v2 { struct create_context ccontext; __u8 Name[8]; |