merged into cifs-2.6.git for-next pending additional review and testing
On Mon, Feb 17, 2025 at 1:22 AM Haoxiang Li <haoxiang_li2024@xxxxxxx> wrote:
>
> Add check for the return value of cifs_buf_get() and cifs_small_buf_get()
> in receive_encrypted_standard() to prevent null pointer dereference.
>
> Fixes: eec04ea11969 ("smb: client: fix OOB in receive_encrypted_standard()")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Haoxiang Li <haoxiang_li2024@xxxxxxx>
> ---
> fs/smb/client/smb2ops.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c
> index ec36bed54b0b..2ca8fe196051 100644
> --- a/fs/smb/client/smb2ops.c
> +++ b/fs/smb/client/smb2ops.c
> @@ -4964,6 +4964,10 @@ receive_encrypted_standard(struct TCP_Server_Info *server,
> next_buffer = (char *)cifs_buf_get();
> else
> next_buffer = (char *)cifs_small_buf_get();
> + if (!next_buffer) {
> + cifs_server_dbg(VFS, "No memory for (large) SMB response\n");
> + return -1;
> + }
> memcpy(next_buffer, buf + next_cmd, pdu_length - next_cmd);
> }
>
> --
> 2.25.1
>
>
--
Thanks,
Steve
