ksmbd: avoid out of bounds access in decode_preauth_ctxt() - blaster4385/linux-IllusionX - Linux kernel with personal config changes for arch linux

diff options

author	David Disseldorp <ddiss@suse.de>	2023-04-13 23:49:57 +0900
committer	Steve French <stfrench@microsoft.com>	2023-04-13 14:17:32 -0500
commit	e7067a446264a7514fa1cfaa4052cdb6803bc6a2 (patch)
tree	b4600382146430cdb6cc340d2244f4f8541e604e /tools/testing/selftests/net/lib/py/utils.py
parent	09a9639e56c01c7a00d6c0ca63f4c7c41abe075d (diff)

ksmbd: avoid out of bounds access in decode_preauth_ctxt()

Confirm that the accessed pneg_ctxt->HashAlgorithms address sits within the SMB request boundary; deassemble_neg_contexts() only checks that the eight byte smb2_neg_context header + (client controlled) DataLength are within the packet boundary, which is insufficient. Checking for sizeof(struct smb2_preauth_neg_context) is overkill given that the type currently assumes SMB311_SALT_SIZE bytes of trailing Salt. Signed-off-by: David Disseldorp <ddiss@suse.de> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Cc: <stable@vger.kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>

Diffstat (limited to 'tools/testing/selftests/net/lib/py/utils.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: