Skip to content
Snippets Groups Projects
Commit d70c2e09 authored by Namjae Jeon's avatar Namjae Jeon Committed by Greg Kroah-Hartman
Browse files

ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() 


commit a80a486d upstream.

If ->NameOffset of smb2_create_req is smaller than Buffer offset of
smb2_create_req, slab-out-of-bounds read can happen from smb2_open.
This patch set the minimum value of the name offset to the buffer offset
to validate name length of smb2_create_req().

Cc: stable@vger.kernel.org
Reported-by: default avatarXuanzhe Yu <yuxuanzhe@outlook.com>
Signed-off-by: default avatarNamjae Jeon <linkinjeon@kernel.org>
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
Stable-dep-of: c6cd2e8d ("ksmbd: fix potencial out-of-bounds when buffer offset is invalid")
Signed-off-by: default avatarVamsi Krishna Brahmajosyula <vamsi-krishna.brahmajosyula@broadcom.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 5ecf539b
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment