mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-22 02:20:40 +00:00
Code Issues Releases Wiki Activity
linux-stable/fs/ksmbd
History
Chih-Yen Chang 75378b03a9 ksmbd: fix global-out-of-bounds in smb2_find_context_vals 
commit 02f76c401d upstream.

Add tag_len argument in smb2_find_context_vals() to avoid out-of-bound
read when create_context's name_len is larger than tag length.

[    7.995411] ==================================================================
[    7.995866] BUG: KASAN: global-out-of-bounds in memcmp+0x83/0xa0
[    7.996248] Read of size 8 at addr ffffffff8258d940 by task kworker/0:0/7
...
[    7.998191] Call Trace:
[    7.998358]  <TASK>
[    7.998503]  dump_stack_lvl+0x33/0x50
[    7.998743]  print_report+0xcc/0x620
[    7.999458]  kasan_report+0xae/0xe0
[    7.999895]  kasan_check_range+0x35/0x1b0
[    8.000152]  memcmp+0x83/0xa0
[    8.000347]  smb2_find_context_vals+0xf7/0x1e0
[    8.000635]  smb2_open+0x1df2/0x43a0
[    8.006398]  handle_ksmbd_work+0x274/0x810
[    8.006666]  process_one_work+0x419/0x760
[    8.006922]  worker_thread+0x2a2/0x6f0
[    8.007429]  kthread+0x160/0x190
[    8.007946]  ret_from_fork+0x1f/0x30
[    8.008181]  </TASK>

Cc: stable@vger.kernel.org
Signed-off-by: Chih-Yen Chang <cc85nod@gmail.com>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-05-24 17:32:50 +01:00
..
mgmt ksmbd: fix racy issue from smb2 close and logoff with multichannel 2023-05-17 11:53:57 +02:00
asn1.c ksmbd: use oid registry functions to decode OIDs 2021-12-28 22:47:22 -06:00
asn1.h
auth.c ksmbd: fix deadlock in ksmbd_find_crypto_ctx() 2023-05-11 23:03:04 +09:00
auth.h ksmbd: fix encryption failure issue for session logoff response 2022-10-05 01:15:44 -05:00
connection.c ksmbd: allocate one more byte for implied bcc[0] 2023-05-24 17:32:50 +01:00
connection.h ksmbd: fix racy issue from smb2 close and logoff with multichannel 2023-05-17 11:53:57 +02:00
crypto_ctx.c ksmbd: remove NTLMv1 authentication 2021-09-29 16:17:34 -05:00
crypto_ctx.h ksmbd: remove NTLMv1 authentication 2021-09-29 16:17:34 -05:00
glob.h ksmbd: fix version mismatch with out of tree 2021-10-07 10:18:34 -05:00
Kconfig ksmbd: remove md4 leftovers 2021-11-11 19:22:58 -06:00
ksmbd_netlink.h ksmbd: add max connections parameter 2023-02-01 08:34:37 +01:00
ksmbd_spnego_negtokeninit.asn1
ksmbd_spnego_negtokentarg.asn1
ksmbd_work.c ksmbd: Remove redundant 'flush_workqueue()' calls 2021-11-06 23:52:06 -05:00
ksmbd_work.h ksmbd: remove smb2_buf_length in smb2_hdr 2021-11-11 19:22:58 -06:00
Makefile
misc.c ksmbd: validate share name from share config response 2022-10-05 01:15:44 -05:00
misc.h ksmbd: validate share name from share config response 2022-10-05 01:15:44 -05:00
ndr.c ksmbd: downgrade ndr version error message to debug 2023-02-01 08:34:38 +01:00
ndr.h ksmbd: add user namespace support 2021-07-02 16:27:10 +09:00
nterr.h
ntlmssp.h treewide: Replace zero-length arrays with flexible-array members 2022-02-17 07:00:39 -06:00
oplock.c ksmbd: fix global-out-of-bounds in smb2_find_context_vals 2023-05-24 17:32:50 +01:00
oplock.h ksmbd: fix global-out-of-bounds in smb2_find_context_vals 2023-05-24 17:32:50 +01:00
server.c ksmbd: fix racy issue from session setup and logoff 2023-05-17 11:53:56 +02:00
server.h ksmbd: add max connections parameter 2023-02-01 08:34:37 +01:00
smb2misc.c ksmbd: smb2: Allow messages padded to 8byte boundary 2023-05-24 17:32:50 +01:00
smb2ops.c ksmbd: add support for smb2 max credit parameter 2022-01-10 12:44:19 -06:00
smb2pdu.c ksmbd: fix global-out-of-bounds in smb2_find_context_vals 2023-05-24 17:32:50 +01:00
smb2pdu.h ksmbd: destroy expired sessions 2023-05-17 11:53:56 +02:00
smb_common.c ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr 2023-04-13 16:55:29 +02:00
smb_common.h ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr 2023-04-13 16:55:29 +02:00
smbacl.c ksmbd: port to vfs{g,u}id_t and associated helpers 2022-10-05 01:15:37 -05:00
smbacl.h ksmbd: port to vfs{g,u}id_t and associated helpers 2022-10-05 01:15:37 -05:00
smbfsctl.h
smbstatus.h
transport_ipc.c ksmbd: add max connections parameter 2023-02-01 08:34:37 +01:00
transport_ipc.h ksmbd: throttle session setup failures to avoid dictionary attacks 2021-10-20 00:07:10 -05:00
transport_rdma.c ksmbd: don't terminate inactive sessions after a few seconds 2023-03-30 12:49:26 +02:00
transport_rdma.h ksmbd: fix wrong smbd max read/write size check 2022-05-21 15:01:43 -05:00
transport_tcp.c ksmbd: fix racy issue from session setup and logoff 2023-05-17 11:53:56 +02:00
transport_tcp.h
unicode.c
unicode.h ksmbd: casefold utf-8 share names and fix ascii lowercase conversion 2022-10-05 01:15:37 -05:00
uniupr.h
vfs.c vfs: fix copy_file_range() averts filesystem freeze protection 2022-11-25 00:52:28 -05:00
vfs.h ksmbd: make utf-8 file name comparison work in __caseless_lookup() 2022-10-05 01:15:44 -05:00
vfs_cache.c ksmbd: fix possible memory leak in smb2_lock() 2023-03-10 09:34:07 +01:00
vfs_cache.h ksmbd: remove filename in ksmbd_file 2022-04-14 20:56:13 -05:00
xattr.h treewide: Replace zero-length arrays with flexible-array members 2022-02-17 07:00:39 -06:00