ksmbd: fix global-out-of-bounds in smb2_find_context_vals - starfive-tech/linux.git - StarFive Tech Linux Kernel for VisionFive (JH7110) boards (mirror)

diff options

author	Chih-Yen Chang <cc85nod@gmail.com>	2023-05-14 06:05:05 +0300
committer	Steve French <stfrench@microsoft.com>	2023-05-16 18:26:14 +0300
commit	02f76c401d17e409ed45bf7887148fcc22c93c85 (patch)
tree	caf94419c5a1a7d8d5061b7398b6a6875e8c10ec /Documentation/isdn
parent	f1fcbaa18b28dec10281551dfe6ed3a3ed80e3d6 (diff)
download	linux-02f76c401d17e409ed45bf7887148fcc22c93c85.tar.xz

ksmbd: fix global-out-of-bounds in smb2_find_context_vals

Add tag_len argument in smb2_find_context_vals() to avoid out-of-bound read when create_context's name_len is larger than tag length. [ 7.995411] ================================================================== [ 7.995866] BUG: KASAN: global-out-of-bounds in memcmp+0x83/0xa0 [ 7.996248] Read of size 8 at addr ffffffff8258d940 by task kworker/0:0/7 ... [ 7.998191] Call Trace: [ 7.998358] <TASK> [ 7.998503] dump_stack_lvl+0x33/0x50 [ 7.998743] print_report+0xcc/0x620 [ 7.999458] kasan_report+0xae/0xe0 [ 7.999895] kasan_check_range+0x35/0x1b0 [ 8.000152] memcmp+0x83/0xa0 [ 8.000347] smb2_find_context_vals+0xf7/0x1e0 [ 8.000635] smb2_open+0x1df2/0x43a0 [ 8.006398] handle_ksmbd_work+0x274/0x810 [ 8.006666] process_one_work+0x419/0x760 [ 8.006922] worker_thread+0x2a2/0x6f0 [ 8.007429] kthread+0x160/0x190 [ 8.007946] ret_from_fork+0x1f/0x30 [ 8.008181] </TASK> Cc: stable@vger.kernel.org Signed-off-by: Chih-Yen Chang <cc85nod@gmail.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>

Diffstat (limited to 'Documentation/isdn')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: