ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() (d10c7787) · Commits · Mirrors / github.com / raspberrypi_linux · GitLab

Commit d10c7787 authored Dec 20, 2023 by

Namjae Jeon Committed by Steve French Dec 27, 2023

ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()



If ->NameOffset/Length is bigger than ->CreateContextsOffset/Length,
ksmbd_check_message doesn't validate request buffer it correctly.
So slab-out-of-bounds warning from calling smb_strndup_from_utf16()
in smb2_open() could happen. If ->NameLength is non-zero, Set the larger
of the two sums (Name and CreateContext size) as the offset and length of
the data area.

Reported-by: Yang Chaoming <lometsj@live.com>
Cc: stable@vger.kernel.org
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

parent ceb6a6f0

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit 9e4937cb
· Jun 08, 2024

mentioned in commit 9e4937cb

mentioned in commit 9e4937cbc150f9d5a9b5576e1922ef0b5ed2eb72

Toggle commit list

Please register or to comment