android_kernel_samsung_sm8650/fs/ksmbd
Kuan-Ting Chen 4f303c0b9d ksmbd: fix multiple out-of-bounds read during context decoding
commit 0512a5f89e1fae74251fde6893ff634f1c96c6fb upstream.

Check the remaining data length before accessing the context structure
to ensure that the entire structure is contained within the packet.
Additionally, since the context data length `ctxt_len` has already been
checked against the total packet length `len_of_ctxts`, update the
comparison to use `ctxt_len`.

Cc: stable@vger.kernel.org
Signed-off-by: Kuan-Ting Chen <h3xrabbit@gmail.com>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-06-09 10:34:28 +02:00
mgmt ksmbd: fix racy issue from smb2 close and logoff with multichannel 2023-05-17 11:53:57 +02:00
asn1.c ksmbd: use oid registry functions to decode OIDs 2021-12-28 22:47:22 -06:00
asn1.h ksmbd: move fs/cifsd to fs/ksmbd 2021-06-28 16:28:31 +09:00
auth.c ksmbd: fix deadlock in ksmbd_find_crypto_ctx() 2023-05-11 23:03:04 +09:00
auth.h ksmbd: fix encryption failure issue for session logoff response 2022-10-05 01:15:44 -05:00
connection.c ksmbd: allocate one more byte for implied bcc[0] 2023-05-24 17:32:50 +01:00
connection.h ksmbd: fix racy issue from smb2 close and logoff with multichannel 2023-05-17 11:53:57 +02:00
crypto_ctx.c ksmbd: remove NTLMv1 authentication 2021-09-29 16:17:34 -05:00
crypto_ctx.h ksmbd: remove NTLMv1 authentication 2021-09-29 16:17:34 -05:00
glob.h ksmbd: fix version mismatch with out of tree 2021-10-07 10:18:34 -05:00
Kconfig ksmbd: remove md4 leftovers 2021-11-11 19:22:58 -06:00
ksmbd_netlink.h ksmbd: add max connections parameter 2023-02-01 08:34:37 +01:00
ksmbd_spnego_negtokeninit.asn1 ksmbd: move fs/cifsd to fs/ksmbd 2021-06-28 16:28:31 +09:00
ksmbd_spnego_negtokentarg.asn1 ksmbd: move fs/cifsd to fs/ksmbd 2021-06-28 16:28:31 +09:00
ksmbd_work.c ksmbd: Remove redundant 'flush_workqueue()' calls 2021-11-06 23:52:06 -05:00
ksmbd_work.h ksmbd: remove smb2_buf_length in smb2_hdr 2021-11-11 19:22:58 -06:00
Makefile ksmbd: move fs/cifsd to fs/ksmbd 2021-06-28 16:28:31 +09:00
misc.c ksmbd: validate share name from share config response 2022-10-05 01:15:44 -05:00
misc.h ksmbd: validate share name from share config response 2022-10-05 01:15:44 -05:00
ndr.c ksmbd: downgrade ndr version error message to debug 2023-02-01 08:34:38 +01:00
ndr.h ksmbd: add user namespace support 2021-07-02 16:27:10 +09:00
nterr.h ksmbd: move fs/cifsd to fs/ksmbd 2021-06-28 16:28:31 +09:00
ntlmssp.h treewide: Replace zero-length arrays with flexible-array members 2022-02-17 07:00:39 -06:00
oplock.c ksmbd: fix UAF issue from opinfo->conn 2023-06-09 10:34:27 +02:00
oplock.h ksmbd: fix global-out-of-bounds in smb2_find_context_vals 2023-05-24 17:32:50 +01:00
server.c ksmbd: fix racy issue from session setup and logoff 2023-05-17 11:53:56 +02:00
server.h ksmbd: add max connections parameter 2023-02-01 08:34:37 +01:00
smb2misc.c ksmbd: smb2: Allow messages padded to 8byte boundary 2023-05-24 17:32:50 +01:00
smb2ops.c ksmbd: add support for smb2 max credit parameter 2022-01-10 12:44:19 -06:00
smb2pdu.c ksmbd: fix multiple out-of-bounds read during context decoding 2023-06-09 10:34:28 +02:00
smb2pdu.h ksmbd: destroy expired sessions 2023-05-17 11:53:56 +02:00
smb_common.c ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr 2023-04-13 16:55:29 +02:00
smb_common.h ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr 2023-04-13 16:55:29 +02:00
smbacl.c ksmbd: port to vfs{g,u}id_t and associated helpers 2022-10-05 01:15:37 -05:00
smbacl.h ksmbd: port to vfs{g,u}id_t and associated helpers 2022-10-05 01:15:37 -05:00
smbfsctl.h ksmbd: move fs/cifsd to fs/ksmbd 2021-06-28 16:28:31 +09:00
smbstatus.h ksmbd: move fs/cifsd to fs/ksmbd 2021-06-28 16:28:31 +09:00
transport_ipc.c ksmbd: add max connections parameter 2023-02-01 08:34:37 +01:00
transport_ipc.h ksmbd: throttle session setup failures to avoid dictionary attacks 2021-10-20 00:07:10 -05:00
transport_rdma.c ksmbd: don't terminate inactive sessions after a few seconds 2023-03-30 12:49:26 +02:00
transport_rdma.h ksmbd: fix wrong smbd max read/write size check 2022-05-21 15:01:43 -05:00
transport_tcp.c ksmbd: fix racy issue from session setup and logoff 2023-05-17 11:53:56 +02:00
transport_tcp.h ksmbd: move fs/cifsd to fs/ksmbd 2021-06-28 16:28:31 +09:00
unicode.c ksmbd: move fs/cifsd to fs/ksmbd 2021-06-28 16:28:31 +09:00
unicode.h ksmbd: casefold utf-8 share names and fix ascii lowercase conversion 2022-10-05 01:15:37 -05:00
uniupr.h ksmbd: move fs/cifsd to fs/ksmbd 2021-06-28 16:28:31 +09:00
vfs_cache.c ksmbd: fix possible memory leak in smb2_lock() 2023-03-10 09:34:07 +01:00
vfs_cache.h ksmbd: remove filename in ksmbd_file 2022-04-14 20:56:13 -05:00
vfs.c vfs: fix copy_file_range() averts filesystem freeze protection 2022-11-25 00:52:28 -05:00
vfs.h ksmbd: make utf-8 file name comparison work in __caseless_lookup() 2022-10-05 01:15:44 -05:00
xattr.h treewide: Replace zero-length arrays with flexible-array members 2022-02-17 07:00:39 -06:00