averello/linux-stable-mirror
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2026-03-03 18:28:01 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
linux-stable-mirror/fs/smb/server
History
Nicholas Carlini 6b4f875aac ksmbd: fix signededness bug in smb_direct_prepare_negotiation() 
smb_direct_prepare_negotiation() casts an unsigned __u32 value
from sp->max_recv_size and req->preferred_send_size to a signed
int before computing min_t(int, ...). A maliciously provided
preferred_send_size of 0x80000000 will return as smaller than
max_recv_size, and then be used to set the maximum allowed
alowed receive size for the next message.

By sending a second message with a large value (>1420 bytes)
the attacker can then achieve a heap buffer overflow.

This fix replaces min_t(int, ...) with min_t(u32)

Fixes: 0626e6641f ("cifsd: add server handler for central processing and tranport layers")
Signed-off-by: Nicholas Carlini <nicholas@carlini.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Acked-by: Stefan Metzmacher <metze@samba.org>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
2026-02-22 21:27:33 -06:00
..
mgmt
treewide: Replace kmalloc with kmalloc_obj for non-scalar types
2026-02-21 01:02:28 -08:00
asn1.c
asn1.h
auth.c
ksmbd: Compare MACs in constant time
2026-02-22 21:27:28 -06:00
auth.h
ksmbd: Use HMAC-SHA256 library for message signing and key generation
2025-11-30 21:11:43 -06:00
connection.c
treewide: Replace kmalloc with kmalloc_obj for non-scalar types
2026-02-21 01:02:28 -08:00
connection.h
ksmbd: add procfs interface for runtime monitoring and statistics
2026-02-08 20:25:16 -06:00
crypto_ctx.c
treewide: Replace kmalloc with kmalloc_obj for non-scalar types
2026-02-21 01:02:28 -08:00
crypto_ctx.h
ksmbd: Use HMAC-MD5 library for NTLMv2
2025-11-30 21:11:43 -06:00
glob.h
Kconfig
ksmbd: Compare MACs in constant time
2026-02-22 21:27:28 -06:00
ksmbd_netlink.h
ksmbd: add max ip connections parameter
2025-09-30 21:37:54 -05:00
ksmbd_spnego_negtokeninit.asn1
ksmbd_spnego_negtokentarg.asn1
ksmbd_work.c
treewide: Replace kmalloc with kmalloc_obj for non-scalar types
2026-02-21 01:02:28 -08:00
ksmbd_work.h
ksmbd: fix use-after-free in ksmbd_free_work_struct
2025-03-10 12:54:28 -05:00
Makefile
ksmbd: add procfs interface for runtime monitoring and statistics
2026-02-08 20:25:16 -06:00
misc.c
ksmbd: Replace strcpy + strcat to improve convert_to_nt_pathname
2025-11-30 21:11:45 -06:00
misc.h
ksmbd: add procfs interface for runtime monitoring and statistics
2026-02-08 20:25:16 -06:00
ndr.c
ndr.h
ntlmssp.h
oplock.c
treewide: Replace kmalloc with kmalloc_obj for non-scalar types
2026-02-21 01:02:28 -08:00
oplock.h
ksmbd: fix use-after-free in smb_break_all_levII_oplock()
2025-04-14 22:21:26 -05:00
proc.c
ksmbd: add procfs interface for runtime monitoring and statistics
2026-02-08 20:25:16 -06:00
server.c
Merge tag 'kmalloc_obj-treewide-v7.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
2026-02-21 11:02:58 -08:00
server.h
ksmbd: add max ip connections parameter
2025-09-30 21:37:54 -05:00
smb2misc.c
smb/server: remove unused nterr.h
2025-12-09 21:01:16 -06:00
smb2ops.c
ksmbd: add procfs interface for runtime monitoring and statistics
2026-02-08 20:25:16 -06:00
smb2pdu.c
ksmbd: Compare MACs in constant time
2026-02-22 21:27:28 -06:00
smb2pdu.h
ksmbd: rename smb2_get_msg to smb_get_msg
2025-12-21 19:20:46 -06:00
smb_common.c
ksmbd: add procfs interface for runtime monitoring and statistics
2026-02-08 20:25:16 -06:00
smb_common.h
ksmbd: add procfs interface for runtime monitoring and statistics
2026-02-08 20:25:16 -06:00
smbacl.c
treewide: Replace kmalloc with kmalloc_obj for non-scalar types
2026-02-21 01:02:28 -08:00
smbacl.h
smb: common: change the data type of num_aces to le16
2025-03-02 22:50:54 -06:00
smbfsctl.h
stats.h
ksmbd: add procfs interface for runtime monitoring and statistics
2026-02-08 20:25:16 -06:00
transport_ipc.c
ksmbd: ipc: fix use-after-free in ipc_msg_send_request
2025-11-30 21:11:45 -06:00
transport_ipc.h
ksmbd: Remove unused functions
2025-01-15 23:24:51 -06:00
transport_rdma.c
ksmbd: fix signededness bug in smb_direct_prepare_negotiation()
2026-02-22 21:27:33 -06:00
transport_rdma.h
smb: server: pass ksmbd_transport to get_smbd_max_read_write_size()
2025-09-28 18:29:52 -05:00
transport_tcp.c
treewide: Replace kmalloc with kmalloc_obj for non-scalar types
2026-02-21 01:02:28 -08:00
transport_tcp.h
ksmbd: fix use-after-free in __smb2_lease_break_noti()
2025-04-14 22:21:26 -05:00
unicode.c
unicode.h
vfs_cache.c
treewide: Replace kmalloc with kmalloc_obj for non-scalar types
2026-02-21 01:02:28 -08:00
vfs_cache.h
ksmbd: allow a filename to contain colons on SMB3.1.1 posix extensions
2025-08-31 17:48:38 -05:00
vfs.c
Merge tag 'vfs-7.0-rc1.misc.2' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2026-02-16 13:00:36 -08:00
vfs.h
smb/server: use end_removing_noperm for for target of smb2_create_link()
2025-11-14 13:15:56 +01:00
xattr.h