smb/client: fix possible infinite loop and oob read in symlink_data() - wireguard-linux

diff options

author	Ye Bin <yebin10@huawei.com>	2026-05-14 21:14:18 +0800
committer	Steve French <stfrench@microsoft.com>	2026-05-14 09:40:17 -0500
commit	7d9a7f1f96cd617ee9e75bb22217c709038e26b8 (patch)
tree	cb5305e6305afc4c9f33b7d3422206166b53376f /tools/testing/selftests/dm-verity/git:/ssh:/git@git.zx2c4.com
parent	SMB3.1.1: add missing QUERY_DIR info levels (diff)

smb/client: fix possible infinite loop and oob read in symlink_data()

On 32-bit architectures, the infinite loop is as follows: len = p->ErrorDataLength == 0xfffffff8 u8 *next = p->ErrorContextData + len next == p On 32-bit architectures, the out-of-bounds read is as follows: len = p->ErrorDataLength == 0xfffffff0 u8 *next = p->ErrorContextData + len next == (u8 *)p - 8 Reported-by: ChenXiaoSong <chenxiaosong@kylinos.cn> Fixes: 76894f3e2f71 ("cifs: improve symlink handling for smb2+") Cc: stable@vger.kernel.org Signed-off-by: Ye Bin <yebin10@huawei.com> Reviewed-by: ChenXiaoSong <chenxiaosong@kylinos.cn> Signed-off-by: Steve French <stfrench@microsoft.com>

Diffstat (limited to 'tools/testing/selftests/dm-verity/git:/ssh:/git@git.zx2c4.com')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: