averello/linux-stable-mirror
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2026-04-24 10:49:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
b67064bd372300a75293efbbc70624996dccffd4
linux-stable-mirror/fs/ksmbd
T
History
Namjae Jeon d739f2b6d8 ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() 
commit d10c77873b upstream.

If ->NameOffset/Length is bigger than ->CreateContextsOffset/Length,
ksmbd_check_message doesn't validate request buffer it correctly.
So slab-out-of-bounds warning from calling smb_strndup_from_utf16()
in smb2_open() could happen. If ->NameLength is non-zero, Set the larger
of the two sums (Name and CreateContext size) as the offset and length of
the data area.

Reported-by: Yang Chaoming <lometsj@live.com>
Cc: stable@vger.kernel.org
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-01-05 15:13:39 +01:00
..
mgmt
ksmbd: Remove unused field in ksmbd_user struct
2023-12-23 10:41:59 +01:00
asn1.c
ksmbd: switch to use kmemdup_nul() helper
2023-12-23 10:41:57 +01:00
asn1.h
auth.c
ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()
2023-12-23 10:41:58 +01:00
auth.h
ksmbd: fix encryption failure issue for session logoff response
2023-12-23 10:41:53 +01:00
connection.c
ksmbd: no need to wait for binded connection termination at logoff
2023-12-23 10:41:59 +01:00
connection.h
ksmbd: fix race condition between session lookup and expire
2023-12-23 10:41:58 +01:00
crypto_ctx.c
crypto_ctx.h
glob.h
Kconfig
ksmbd: remove experimental warning
2023-12-23 10:41:58 +01:00
ksmbd_netlink.h
ksmbd: check if a mount point is crossed during path lookup
2023-12-23 10:41:57 +01:00
ksmbd_spnego_negtokeninit.asn1
ksmbd_spnego_negtokentarg.asn1
ksmbd_work.c
ksmbd: release interim response after sending status pending response
2023-12-23 10:42:00 +01:00
ksmbd_work.h
ksmbd: fix wrong interim response on compound
2023-12-23 10:41:57 +01:00
Makefile
misc.c
ksmbd: validate share name from share config response
2023-12-23 10:41:53 +01:00
misc.h
ksmbd: validate share name from share config response
2023-12-23 10:41:53 +01:00
ndr.c
ndr.h
nterr.h
ntlmssp.h
oplock.c
ksmbd: lazy v2 lease break on smb2_write()
2024-01-05 15:13:36 +01:00
oplock.h
ksmbd: lazy v2 lease break on smb2_write()
2024-01-05 15:13:36 +01:00
server.c
ksmbd: fix race condition between tree conn lookup and disconnect
2023-12-23 10:41:58 +01:00
server.h
smb2misc.c
ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()
2024-01-05 15:13:39 +01:00
smb2ops.c
ksmbd: set v2 lease capability
2024-01-05 15:13:36 +01:00
smb2pdu.c
ksmbd: fix wrong allocation size update in smb2_open()
2024-01-05 15:13:37 +01:00
smb2pdu.h
ksmbd: send v2 lease break notification for directory
2024-01-05 15:13:36 +01:00
smb_common.c
ksmbd: handle malformed smb1 message
2023-12-23 10:41:59 +01:00
smb_common.h
ksmbd: fix out of bounds in init_smb2_rsp_hdr()
2023-12-23 10:41:57 +01:00
smbacl.c
ksmbd: fix possible deadlock in smb2_open
2023-12-23 10:41:59 +01:00
smbacl.h
ksmbd: fix possible deadlock in smb2_open
2023-12-23 10:41:59 +01:00
smbfsctl.h
smbstatus.h
transport_ipc.c
ksmbd: use kvzalloc instead of kvmalloc
2023-12-23 10:41:56 +01:00
transport_ipc.h
transport_rdma.c
ksmbd: fix missing RDMA-capable flag for IPoIB device in ksmbd_rdma_capable_netdev()
2023-12-23 10:41:59 +01:00
transport_rdma.h
ksmbd: fix wrong smbd max read/write size check
2023-12-23 10:41:51 +01:00
transport_tcp.c
ksmbd: fix racy issue from session setup and logoff
2023-12-23 10:41:55 +01:00
transport_tcp.h
unicode.c
ksmbd: add support for surrogate pair conversion
2023-12-23 10:41:59 +01:00
unicode.h
ksmbd: casefold utf-8 share names and fix ascii lowercase conversion
2023-12-23 10:41:52 +01:00
uniupr.h
vfs_cache.c
ksmbd: send v2 lease break notification for directory
2024-01-05 15:13:36 +01:00
vfs_cache.h
ksmbd: lazy v2 lease break on smb2_write()
2024-01-05 15:13:36 +01:00
vfs.c
ksmbd: lazy v2 lease break on smb2_write()
2024-01-05 15:13:36 +01:00
vfs.h
ksmbd: fix possible deadlock in smb2_open
2023-12-23 10:41:59 +01:00
xattr.h