Google Git
Sign in
kernel / pub / scm / linux / kernel / git / pinchartl / linux.git / 5105a7ffce19160e7062aee67fb6b3b8a1b56d78
commit5105a7ffce19160e7062aee67fb6b3b8a1b56d78[log] [tgz]
authorDavid Disseldorp <ddiss@suse.de>Fri Apr 07 00:34:11 2023 +0200
committerSteve French <stfrench@microsoft.com>Sat Apr 15 18:26:56 2023 -0500
treeee227deca4072e030d02e42c3722530098e0d18e
parent09a9639e56c01c7a00d6c0ca63f4c7c41abe075d [diff]
cifs: fix negotiate context parsing

smb311_decode_neg_context() doesn't properly check against SMB packet
boundaries prior to accessing individual negotiate context entries. This
is due to the length check omitting the eight byte smb2_neg_context
header, as well as incorrect decrementing of len_of_ctxts.

Fixes: 5100d8a3fe03 ("SMB311: Improve checking of negotiate security contexts")
Reported-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Signed-off-by: David Disseldorp <ddiss@suse.de>
Signed-off-by: Steve French <stfrench@microsoft.com>
1 file changed
tree: ee227deca4072e030d02e42c3722530098e0d18e
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. fs/
  8. include/
  9. init/
  10. io_uring/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. rust/
  18. samples/
  19. scripts/
  20. security/
  21. sound/
  22. tools/
  23. usr/
  24. virt/
  25. .clang-format
  26. .cocciconfig
  27. .get_maintainer.ignore
  28. .gitattributes
  29. .gitignore
  30. .mailmap
  31. .rustfmt.toml
  32. COPYING
  33. CREDITS
  34. Kbuild
  35. Kconfig
  36. MAINTAINERS
  37. Makefile
  38. README