CIFS: fix use-after-free of the lease keys
author Aurelien Aptel <aaptel@suse.com>
Thu, 31 Jan 2019 12:46:07 +0000 (13:46 +0100)
committer Steve French <stfrench@microsoft.com>
Thu, 31 Jan 2019 13:03:20 +0000 (07:03 -0600)
commit d339adc12a4f885b572c5412e4869af8939db854
tree 44cd5a49b6e7aadd4cb5bef580ff03164f43344a
parent 082aaa8700415f6471ec9c5ef0c8307ca214989a
CIFS: fix use-after-free of the lease keys

The request buffers are freed right before copying the pointers.
Use the func args instead which are identical and still valid.

Simple reproducer (requires KASAN enabled) on a cifs mount:

echo foo > foo ; tail -f foo & rm foo

Cc: <stable@vger.kernel.org> # 4.20
Fixes: 179e44d49c2f ("smb3: add tracepoint for sending lease break responses to server")
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Paulo Alcantara <palcantara@suse.de>
fs/cifs/smb2pdu.c
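
The ordering bug the commit message describes, as an added userspace model (not the code from fs/cifs/smb2pdu.c): fields are copied out of a request after it has been released, and the fix copies from the caller's arguments instead. All names here are hypothetical, and a one-slot static pool poisoned on release stands in for kfree() under KASAN so the stale read is observable without undefined behaviour.

```c
#include <stdint.h>
#include <string.h>
#define POISON_FREE 0x6b   /* byte the model writes over a released request */

/* Hypothetical request layout; not the real SMB2 lease break structure. */
struct lease_req {
    uint8_t  lease_key[16];
    uint32_t lease_state;
};

struct trace_rec {
    uint8_t  key[16];
    uint32_t state;
};

static struct lease_req pool;   /* one-slot "allocator": storage outlives release */
static struct lease_req *req_build(const uint8_t *key, uint32_t state)
{
    memcpy(pool.lease_key, key, sizeof(pool.lease_key));
    pool.lease_state = state;
    return &pool;
}

static void req_release(struct lease_req *req)
{
    memset(req, POISON_FREE, sizeof(*req));   /* models kfree() plus poisoning */
}

/* Buggy order: release the request, then copy the key and state out of it. */
struct trace_rec send_buggy(const uint8_t *key, uint32_t state)
{
    struct trace_rec rec;
    struct lease_req *req = req_build(key, state);
    req_release(req);
    memcpy(rec.key, req->lease_key, sizeof(rec.key));   /* stale read */
    rec.state = req->lease_state;                       /* stale read */
    return rec;
}

/* Fixed: the function arguments hold the same values and are still valid. */
struct trace_rec send_fixed(const uint8_t *key, uint32_t state)
{
    struct trace_rec rec;
    struct lease_req *req = req_build(key, state);
    req_release(req);
    memcpy(rec.key, key, sizeof(rec.key));
    rec.state = state;
    return rec;
}
```

In the kernel the released memory can be reused by another allocation, so the stale read returns arbitrary data instead of a recognisable poison pattern; KASAN reports the access itself.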