Commit ff45e8b3 authored by Chih-Yen Chang's avatar Chih-Yen Chang Committed by Li Nan
Browse files

ksmbd: allocate one more byte for implied bcc[0] 

mainline inclusion
from mainline-v6.4-rc3
commit 443d61d1
category: bugfix
bugzilla: 189030, https://gitee.com/openeuler/kernel/issues/I7LU2I
CVE: CVE-2023-38429

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=443d61d1fa9faa60ef925513d83742902390100f



----------------------------------------

ksmbd_smb2_check_message allows client to return one byte more, so we
need to allocate additional memory in ksmbd_conn_handler_loop to avoid
out-of-bound access.

Cc: stable@vger.kernel.org
Signed-off-by: default avatarChih-Yen Chang <cc85nod@gmail.com>
Acked-by: default avatarNamjae Jeon <linkinjeon@kernel.org>
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>

Conflict:
	fs/ksmbd/connection.c

Signed-off-by: default avatarLi Nan <linan122@huawei.com>
parent 598a1d66
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment