git.ipfire.org Git - thirdparty/kernel/stable.git/commit
ksmbd: fix multiple out-of-bounds read during context decoding
author Kuan-Ting Chen <h3xrabbit@gmail.com>
Mon, 18 Dec 2023 15:33:55 +0000 (00:33 +0900)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 23 Dec 2023 09:41:55 +0000 (10:41 +0100)
commit 19b2b9af315e295d3afc55ab5158f0808cb8754e
tree bb35036a363bbdb319d195e44c4b8fc0908879e2
parent 61a306c1cc750b15c8b13b3ded623b94cd521fac
ksmbd: fix multiple out-of-bounds read during context decoding

[ Upstream commit 0512a5f89e1fae74251fde6893ff634f1c96c6fb ]

Check the remaining data length before accessing the context structure
to ensure that the entire structure is contained within the packet.
Additionally, since the context data length `ctxt_len` has already been
checked against the total packet length `len_of_ctxts`, update the
comparison to use `ctxt_len`.

Cc: stable@vger.kernel.org
Signed-off-by: Kuan-Ting Chen <h3xrabbit@gmail.com>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/ksmbd/smb2pdu.c
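
The length checks the commit message describes, as an added C example that is not the ksmbd code from this commit: a walker over SMB2 negotiate contexts that verifies the header fits before reading it, bounds `ctxt_len` against the remaining bytes, and then has the per-context decoder compare against `ctxt_len`. The function names, return convention and sample buffers are assumptions made for illustration; the 8-byte context header and pre-auth body layout are a simplified view of the SMB2 negotiate context format.

```c
#include <stddef.h>
#include <stdint.h>

#define CTX_HDR_LEN 8u     /* ContextType(2) DataLength(2) Reserved(4) */
#define CTX_PREAUTH 0x0001u

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Body: HashAlgorithmCount(2) SaltLength(2) HashAlgorithms[]. ctxt_len (header
 * plus data) was already bounded by the caller, so it is the limit used here. */
static int decode_preauth(const uint8_t *ctx, size_t ctxt_len)
{
    if (ctxt_len < CTX_HDR_LEN + 4 + 2)        /* fixed fields + one algorithm id */
        return -1;
    if (rd16(ctx + CTX_HDR_LEN) == 0)          /* at least one algorithm required */
        return -1;
    return rd16(ctx + CTX_HDR_LEN + 4);        /* first offered hash algorithm */
}

/* Returns the first pre-auth hash id, 0 if no such context, -1 if malformed. */
int negotiated_hash(const uint8_t *buf, size_t len_of_ctxts)
{
    size_t off = 0;
    int hash = 0;

    while (off < len_of_ctxts) {
        size_t remaining = len_of_ctxts - off;
        if (remaining < CTX_HDR_LEN)           /* header must fit before it is read */
            return -1;
        size_t ctxt_len = CTX_HDR_LEN + rd16(buf + off + 2);
        if (ctxt_len > remaining)              /* declared data must fit too */
            return -1;
        if (rd16(buf + off) == CTX_PREAUTH && hash == 0) {
            hash = decode_preauth(buf + off, ctxt_len);
            if (hash < 0)
                return -1;
        }
        off += (ctxt_len + 7) & ~(size_t)7;    /* contexts are 8-byte aligned */
    }
    return hash;
}

/* Constructed sample inputs (not captured traffic). */
static const uint8_t ok_ctx[]     = {1,0, 6,0, 0,0,0,0, 1,0, 0,0, 1,0};
static const uint8_t short_hdr[]  = {1,0, 6,0, 0,0};
static const uint8_t long_data[]  = {1,0, 0x40,0, 0,0,0,0, 1,0, 0,0, 1,0};
static const uint8_t short_body[] = {1,0, 2,0, 0,0,0,0, 1,0};

int main(void) { return negotiated_hash(ok_ctx, sizeof ok_ctx) == 1 ? 0 : 1; }
```

`short_body` is the case the decoder-level check exists for: the context itself fits in the packet, but its declared length is too small to hold the fields the decoder is about to read.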