[PATCH 5.15.y 0/3] Backport Fixes to 5.15.y

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Here are the three backported patches aimed at addressing a potential
crash and an actual crash.

Patch 1 Fix potential OOB access in receive_encrypted_standard() if
server returned a large shdr->NextCommand in cifs.

Patch 2 fix validate offsets and lengths before dereferencing create
contexts in smb2_parse_contexts().

Patch 3 fix issue in patch 2.

The original patches were authored by Paulo Alcantara <pc@xxxxxxxxxxxxx>.
Original Patches:
1. eec04ea11969 ("smb: client: fix OOB in receive_encrypted_standard()")
2. af1689a9b770 ("smb: client: fix potential OOBs in smb2_parse_contexts()")
3. 76025cc2285d ("smb: client: fix parsing of SMB3.1.1 POSIX create context")

Please review and consider applying these patches.

https://lore.kernel.org/all/2023121834-semisoft-snarl-49ad@gregkh/

fs/cifs/smb2ops.c   |  4 +++-
fs/cifs/smb2pdu.c   | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------------------------------------
fs/cifs/smb2proto.h | 12 +++++++-----
3 files changed, 66 insertions(+), 43 deletions(-)





[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux