]> git.ipfire.org Git - thirdparty/kernel/stable.git/commit
projects / thirdparty / kernel / stable.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3160d97) | patch
ksmbd: validate request buffer size in smb2_allocate_rsp_buf()
authorNamjae Jeon <linkinjeon@kernel.org>
Fri, 12 Apr 2024 00:45:00 +0000 (09:45 +0900)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 27 Apr 2024 15:11:44 +0000 (17:11 +0200)
commit5c20b242d4fed73a93591e48bfd9772e2322fb11
tree98e28471ea83da51c3ca1907b03b270874eb2ea4tree
parent3160d9734453a40db248487f8204830879c207f1commit | diff
ksmbd: validate request buffer size in smb2_allocate_rsp_buf()

commit 17cf0c2794bdb6f39671265aa18aea5c22ee8c4a upstream.

The response buffer should be allocated in smb2_allocate_rsp_buf
before validating request. But the fields in payload as well as smb2 header
is used in smb2_allocate_rsp_buf(). This patch add simple buffer size
validation to avoid potencial out-of-bounds in request buffer.

Cc: stable@vger.kernel.org
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/smb/server/smb2pdu.c diff | blob | blame | history
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git