git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Namjae Jeon <linkinjeon@kernel.org>
	Sun, 31 Mar 2024 12:59:10 +0000 (21:59 +0900)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 10 Apr 2024 14:38:15 +0000 (16:38 +0200)
commit	76af689a45aa44714b46d1a7de4ffdf851ded896
tree	9a5daf6b3e1d9e76ecf95de86d40eb133738337d	tree \| snapshot
parent	99d6198b2d3e6f7042b5e28a7efdbfe25a7afd8f	commit \| diff

ksmbd: validate payload size in ipc response

commit a677ebd8ca2f2632ccdecbad7b87641274e15aac upstream.

If installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipc
response to ksmbd kernel server. ksmbd should validate payload size of
ipc response from ksmbd.mountd to avoid memory overrun or
slab-out-of-bounds. This patch validate 3 ipc response that has payload.

Cc: stable@vger.kernel.org
Reported-by: Chao Ma <machao2019@gmail.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

fs/smb/server/ksmbd_netlink.h		diff \| blob \| blame \| history
fs/smb/server/mgmt/share_config.c		diff \| blob \| blame \| history
fs/smb/server/transport_ipc.c		diff \| blob \| blame \| history