smb: client: fix potential OOB in smb2_dump_detail()

Validate SMB message with ->check_message() before calling ->calc_smb_size(). This fixes CVE-2023-6610. Reported-by: j51569436@gmail.com Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218219 Cc; stable@vger.kernel.org Signed-off-by: Paulo Alcantara <pc@manguebit.com> Signed-off-by: Steve French <stfrench@microsoft.com>
author: Paulo Alcantara <pc@manguebit.com> 2023-12-19 13:10:31 -0300
committer: Steve French <stfrench@microsoft.com> 2023-12-19 10:33:39 -0600
commit: 567320c46a60a3c39b69aa1df802d753817a3f86 (patch)
tree: aea427c1c51710ed236d6e5a1f51005847dce766 /fs/smb/client/smb2ops.c
parent: smb: client: fix potential OOB in cifs_dump_detail() (diff)
download: wireguard-linux-567320c46a60a3c39b69aa1df802d753817a3f86.tar.xz
wireguard-linux-567320c46a60a3c39b69aa1df802d753817a3f86.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c
index 62b0a8df867b..66b310208545 100644
--- a/fs/smb/client/smb2ops.c
+++ b/fs/smb/client/smb2ops.c
@@ -403,8 +403,10 @@ smb2_dump_detail(void *buf, struct TCP_Server_Info *server)
 	cifs_server_dbg(VFS, "Cmd: %d Err: 0x%x Flags: 0x%x Mid: %llu Pid: %d\n",
 		 shdr->Command, shdr->Status, shdr->Flags, shdr->MessageId,
 		 shdr->Id.SyncId.ProcessId);
-	cifs_server_dbg(VFS, "smb buf %p len %u\n", buf,
-		 server->ops->calc_smb_size(buf));
+	if (!server->ops->check_message(buf, server->total_read, server)) {
+		cifs_server_dbg(VFS, "smb buf %p len %u\n", buf,
+				server->ops->calc_smb_size(buf));
+	}
 #endif
 }
author	Paulo Alcantara <pc@manguebit.com>	2023-12-19 13:10:31 -0300
committer	Steve French <stfrench@microsoft.com>	2023-12-19 10:33:39 -0600
commit	567320c46a60a3c39b69aa1df802d753817a3f86 (patch)
tree	aea427c1c51710ed236d6e5a1f51005847dce766 /fs/smb/client/smb2ops.c
parent	smb: client: fix potential OOB in cifs_dump_detail() (diff)
download	wireguard-linux-567320c46a60a3c39b69aa1df802d753817a3f86.tar.xz wireguard-linux-567320c46a60a3c39b69aa1df802d753817a3f86.zip