ksmbd: fix out-of-bound read in smb2_write - linux-rng - Development tree for the kernel CSPRNG

diff options

author	Namjae Jeon <linkinjeon@kernel.org>	2023-06-15 22:04:40 +0900
committer	Steve French <stfrench@microsoft.com>	2023-06-16 21:04:36 -0500
commit	5fe7f7b78290638806211046a99f031ff26164e1 (patch)
tree	47dc31e0037b34c27a703f4ab185475cf123006d /tools/perf/scripts/python/stat-cpi.py
parent	ksmbd: add mnt_want_write to ksmbd vfs functions (diff)
download	linux-rng-5fe7f7b78290638806211046a99f031ff26164e1.tar.xz linux-rng-5fe7f7b78290638806211046a99f031ff26164e1.zip

ksmbd: fix out-of-bound read in smb2_write

ksmbd_smb2_check_message doesn't validate hdr->NextCommand. If ->NextCommand is bigger than Offset + Length of smb2 write, It will allow oversized smb2 write length. It will cause OOB read in smb2_write. Cc: stable@vger.kernel.org Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21164 Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>

Diffstat (limited to 'tools/perf/scripts/python/stat-cpi.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: