5fe7f7b78290638806211046a99f031ff26164e1 - linux

commit	5fe7f7b78290638806211046a99f031ff26164e1	[log] [tgz]
author	Namjae Jeon <linkinjeon@kernel.org>	Thu Jun 15 22:04:40 2023 +0900
committer	Steve French <stfrench@microsoft.com>	Fri Jun 16 21:04:36 2023 -0500
tree	47dc31e0037b34c27a703f4ab185475cf123006d
parent	40b268d384a22276dca1450549f53eed60e21deb [diff]

ksmbd: fix out-of-bound read in smb2_write

ksmbd_smb2_check_message doesn't validate hdr->NextCommand. If
->NextCommand is bigger than Offset + Length of smb2 write, It will
allow oversized smb2 write length. It will cause OOB read in smb2_write.

Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21164
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

fs/smb/server/smb2misc.c[diff]

1 file changed

tree: 47dc31e0037b34c27a703f4ab185475cf123006d