From: Paulo Alcantara
To: Salvatore Bonaccorso, Steve French, Ronnie Sahlberg, Shyam Prasad N, Tom Talpey, Ben Hutchings
Cc: linux-cifs@vger.kernel.org, samba-technical@lists.samba.org, linux-kernel@vger.kernel.org
Subject: Re: Information on use-after-free in smb2_is_status_io_timeout()?
Date: Fri, 05 Jan 2024 11:04:43 -0300

Salvatore Bonaccorso writes:

> There is a Red Hat bugzilla report in
> https://bugzilla.redhat.com/show_bug.cgi?id=2154178 about a
> use-after-free in smb2_is_status_io_timeout() . While the commit noted
> initially there seems not correct, Ben Hutchings raised a question on
> more information in
> https://bugzilla.redhat.com/show_bug.cgi?id=2154178#c24 .
>
> (there is a CVE assigned for it, CVE-2023-1192)

That is supposed to be fixed by

    d527f51331ca ("cifs: Fix UAF in cifs_demultiplex_thread()")

While the commit refers to an UAF in ->is_network_name_deleted(), this
should also work for smb2_is_status_io_timeout(), AFAICT.