diff options
| author | Marios Makassikis <mmakassikis@freebox.fr> | 2021-10-28 21:01:27 +0200 |
|---|---|---|
| committer | Steve French <stfrench@microsoft.com> | 2021-11-06 23:52:06 -0500 |
| commit | 78f1688a64cca77758ceb9b183088cf0054bfc82 (patch) | |
| tree | a27799c1a5e4940506b28be483d23c956e72a536 /lib/test_fortify/write_overflow-strncpy.c | |
| parent | e8d585b2f68c0b10c966ee55146de043429085a3 (diff) | |
ksmbd: Fix buffer length check in fsctl_validate_negotiate_info()
The validate_negotiate_info_req struct definition includes an extra
field to access the data coming after the header. This causes the check
in fsctl_validate_negotiate_info() to count the first element of the
array twice. This in turn makes some valid requests fail, depending on
whether they include padding or not.
Fixes: f7db8fd03a4b ("ksmbd: add validation in smb2_ioctl")
Cc: stable@vger.kernel.org # v5.15
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Acked-by: Hyunchul Lee <hyc.lee@gmail.com>
Signed-off-by: Marios Makassikis <mmakassikis@freebox.fr>
Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to 'lib/test_fortify/write_overflow-strncpy.c')
0 files changed, 0 insertions, 0 deletions