CIFS: Fix possible use after free in demultiplex thread
BugLink: http://bugs.launchpad.net/bugs/1670508 The recent changes that added SMB3 encryption support introduced a possible use after free in the demultiplex thread. When we process an encrypted packed we obtain a pointer to SMB session but do not obtain a reference. This can possibly lead to a situation when this session was freed before we copy a decryption key from there. Fix this by obtaining a copy of the key rather than a pointer to the session under a spinlock. Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com> Signed-off-by: Steve French <smfrench@gmail.com> (cherry picked from commit 61cfac6f) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>
Showing
Please register or sign in to comment