Skip to content

Commit

Permalink
ksmbd-tools: fix NULL deref in samr_open_user_return()
Browse files Browse the repository at this point in the history 
Accessing ch->user->uid can result in NULL deref since ch->user can be
NULL. This was the case in samr_query_security_return() also before
commit 244725b. Fix the NULL deref in samr_open_user_return().

Signed-off-by: Atte Heikkilä <[email protected]>
Signed-off-by: Namjae Jeon <[email protected]>
  • Loading branch information
@atheik @namjaejeon
atheik authored and namjaejeon committed Aug 10, 2023
1 parent 5319e1e commit 1b87279
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions mountd/rpc_samr.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -390,6 +390,9 @@ static int samr_open_user_return(struct ksmbd_rpc_pipe *pipe)
return KSMBD_RPC_EBAD_FID;
ch->refcount++;

if (!ch->user)
return KSMBD_RPC_EBAD_FID;

if (dce->sm_req.rid != ch->user->uid)
return KSMBD_RPC_EBAD_FID;

Expand Down

0 comments on commit 1b87279

Please sign in to comment.