Please pull the following changes since commit
7eb172143d5508b4da468ed59ee857c6e5e01da6:
Linux 6.14-rc5 (2025-03-02 11:48:20 -0800)
are available in the Git repository at:
git://git.samba.org/ksmbd.git tags/v6.14-rc5-smb3-fixes
for you to fetch changes up to aa2a739a75ab6f24ef72fb3fdb9192c081eacf06:
cifs: fix incorrect validation for num_aces field of smb_acl
(2025-03-02 22:50:54 -0600)
----------------------------------------------------------------
Five SMB server fixes, two related client fixes, and minor MAINTAINERS update
I am still reviewing an additional change for validating ACEs, and
also for validating init_acl_state(), that are not included in this
P/R
- Two SMB3 lock fixes fixes (including use after free and bug on fix)
- Fix to race condition that can happen in processing responses on IPC$
- Four ACL related fixes: one related to endianness of num_aces, and
two related fixes to the checks for num_aces (for both client and
server), and one fixing missing check for num_subauths which can
cause memory corruption
- And minor update to email addresses in MAINTAINERS file
----------------------------------------------------------------
Namjae Jeon (8):
MAINTAINERS: update email address in cifs and ksmbd entry
ksmbd: fix out-of-bounds in parse_sec_desc()
ksmbd: fix type confusion via race condition when using
ipc_msg_send_request
ksmbd: fix use-after-free in smb2_lock
ksmbd: fix bug on trap in smb2_lock
smb: common: change the data type of num_aces to le16
ksmbd: fix incorrect validation for num_aces field of smb_acl
cifs: fix incorrect validation for num_aces field of smb_acl
MAINTAINERS | 3 +++
fs/smb/client/cifsacl.c | 34 +++++++++++++++-------------
fs/smb/common/smbacl.h | 3 ++-
fs/smb/server/smb2pdu.c | 8 +++----
fs/smb/server/smbacl.c | 52 ++++++++++++++++++++++++++++++-------------
fs/smb/server/smbacl.h | 2 +-
fs/smb/server/transport_ipc.c | 1 +
7 files changed, 66 insertions(+), 37 deletions(-)
--
Thanks,
Steve
