]> git.ipfire.org Git - thirdparty/kernel/stable.git/commit
projects / thirdparty / kernel / stable.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3cb2b2e) | patch
ksmbd: fix out-of-bounds in parse_sec_desc()
authorNamjae Jeon <linkinjeon@kernel.org>
Tue, 18 Feb 2025 13:49:50 +0000 (22:49 +0900)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 13 Mar 2025 12:01:51 +0000 (13:01 +0100)
commit159d059cbcb0e6d0e7a7b34af3862ba09a6b22d1
tree3d73bb91b94c56fa90e2047a4e5d54bebdb922e1tree
parent3cb2b2e41541fe6f9cc55ca22d4c0bd260498aeacommit | diff
ksmbd: fix out-of-bounds in parse_sec_desc()

commit d6e13e19063db24f94b690159d0633aaf72a0f03 upstream.

If osidoffset, gsidoffset and dacloffset could be greater than smb_ntsd
struct size. If it is smaller, It could cause slab-out-of-bounds.
And when validating sid, It need to check it included subauth array size.

Cc: stable@vger.kernel.org
Reported-by: Norbert Szetei <norbert@doyensec.com>
Tested-by: Norbert Szetei <norbert@doyensec.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/smb/server/smbacl.c diff | blob | blame | history
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git