]> git.ipfire.org Git - thirdparty/kernel/linux.git/commit
smb: client: harden POSIX SID length parsing
authorZihan Xi <xizh2024@lzu.edu.cn>
Sun, 28 Jun 2026 09:19:24 +0000 (17:19 +0800)
committerSteve French <stfrench@microsoft.com>
Thu, 2 Jul 2026 01:19:15 +0000 (20:19 -0500)
commit7ad2bcf2441430bb2e918fb3ef9a90d775a6e422
treea4c9a6f6974b22a8c5febb2384120b3cb8af2ce3
parentdc59e4fea9d83f03bad6bddf3fa2e52491777482
smb: client: harden POSIX SID length parsing

posix_info_sid_size() reads sid[1] to obtain the subauthority count,
but its existing boundary check still accepts buffers with only one
remaining byte. Require two bytes before reading sid[1] so all client
paths that reuse the helper reject truncated POSIX SIDs safely.

Fixes: 349e13ad30b4 ("cifs: add smb2 POSIX info level")
Cc: stable@vger.kernel.org
Reported-by: Yuan Tan <yuantan098@gmail.com>
Reported-by: Yifan Wu <yifanwucs@gmail.com>
Reported-by: Juefei Pu <tomapufckgml@gmail.com>
Reported-by: Xin Liu <bird@lzu.edu.cn>
Assisted-by: Codex:gpt-5.4
Signed-off-by: Zihan Xi <xizh2024@lzu.edu.cn>
Signed-off-by: Ren Wei <n05ec@lzu.edu.cn>
Signed-off-by: Steve French <stfrench@microsoft.com>
fs/smb/client/smb2pdu.c