Skip to content
Commit f4523cd4 authored by David Disseldorp's avatar David Disseldorp Committed by Greg Kroah-Hartman
Browse files

cifs: fix negotiate context parsing 

[ Upstream commit 5105a7ff ]

smb311_decode_neg_context() doesn't properly check against SMB packet
boundaries prior to accessing individual negotiate context entries. This
is due to the length check omitting the eight byte smb2_neg_context
header, as well as incorrect decrementing of len_of_ctxts.

Fixes: 5100d8a3

 ("SMB311: Improve checking of negotiate security contexts")
Reported-by: default avatarVolker Lendecke <vl@samba.org>
Reviewed-by: default avatarPaulo Alcantara (SUSE) <pc@manguebit.com>
Signed-off-by: default avatarDavid Disseldorp <ddiss@suse.de>
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
parent 8f09ece1
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment