]> git.ipfire.org Git - thirdparty/kernel/stable.git/commit
projects / thirdparty / kernel / stable.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7019440) | patch
ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()
authorNamjae Jeon <linkinjeon@kernel.org>
Mon, 18 Dec 2023 15:34:24 +0000 (00:34 +0900)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 23 Dec 2023 09:41:58 +0000 (10:41 +0100)
commitbd554ed4fdc3d38404a1c43d428432577573e809
tree21e70d41d7b5598d938fd8d66f452fc837db9a60tree | snapshot
parent7019440463dfd38b1c41774d7ad771f9cc6cf0cecommit | diff
ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()

[ Upstream commit 4b081ce0d830b684fdf967abc3696d1261387254 ]

If authblob->SessionKey.Length is bigger than session key
size(CIFS_KEY_SIZE), slub overflow can happen in key exchange codes.
cifs_arc4_crypt copy to session key array from SessionKey from client.

Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21940
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/ksmbd/auth.c diff | blob | blame | history
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git