ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea() - blaster4385/linux-IllusionX - Linux kernel with personal config changes for arch linux

diff options

author	Namjae Jeon <[email protected]>	2023-08-06 08:44:17 +0900
committer	Steve French <[email protected]>	2023-08-05 20:57:00 -0500
commit	79ed288cef201f1f212dfb934bcaac75572fb8f6 (patch)
tree	5c150a82d16bcc035a83b130e4f1f2992a039db3 /lib/memory-notifier-error-inject.c
parent	5aa4fda5aa9c2a5a7bac67b4a12b089ab81fee3c (diff)

ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea()

There are multiple smb2_ea_info buffers in FILE_FULL_EA_INFORMATION request from client. ksmbd find next smb2_ea_info using ->NextEntryOffset of current smb2_ea_info. ksmbd need to validate buffer length Before accessing the next ea. ksmbd should check buffer length using buf_len, not next variable. next is the start offset of current ea that got from previous ea. Cc: [email protected] Reported-by: [email protected] # ZDI-CAN-21598 Signed-off-by: Namjae Jeon <[email protected]> Signed-off-by: Steve French <[email protected]>

Diffstat (limited to 'lib/memory-notifier-error-inject.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: