Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-10 07:00:48 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux-stable/fs/smb/server
History
Namjae Jeon d10c77873b ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() 
If ->NameOffset/Length is bigger than ->CreateContextsOffset/Length,
ksmbd_check_message doesn't validate request buffer it correctly.
So slab-out-of-bounds warning from calling smb_strndup_from_utf16()
in smb2_open() could happen. If ->NameLength is non-zero, Set the larger
of the two sums (Name and CreateContext size) as the offset and length of
the data area.

Reported-by: Yang Chaoming <lometsj@live.com>
Cc: stable@vger.kernel.org
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
2023-12-27 22:55:36 -06:00
..
mgmt
ksmbd: Remove unused field in ksmbd_user struct
2023-10-22 19:06:27 -05:00
asn1.c
ksmbd: switch to use kmemdup_nul() helper
2023-08-29 12:30:19 -05:00
asn1.h
auth.c
ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()
2023-08-29 12:30:20 -05:00
auth.h
connection.c
ksmbd: no need to wait for binded connection termination at logoff
2023-10-30 21:58:12 -05:00
connection.h
ksmbd: fix race condition between session lookup and expire
2023-10-04 20:21:48 -05:00
crypto_ctx.c
crypto_ctx.h
glob.h
Kconfig
ksmbd: remove experimental warning
2023-09-03 21:06:36 -05:00
ksmbd_netlink.h
ksmbd: check if a mount point is crossed during path lookup
2023-07-23 10:25:11 -05:00
ksmbd_spnego_negtokeninit.asn1
treewide: Add SPDX identifier to IETF ASN.1 modules
2023-10-27 18:04:28 +08:00
ksmbd_spnego_negtokentarg.asn1
treewide: Add SPDX identifier to IETF ASN.1 modules
2023-10-27 18:04:28 +08:00
ksmbd_work.c
ksmbd: release interim response after sending status pending response
2023-11-23 20:50:45 -06:00
ksmbd_work.h
ksmbd: fix wrong interim response on compound
2023-08-29 12:30:19 -05:00
Makefile
misc.c
misc.h
ndr.c
ndr.h
nterr.h
ntlmssp.h
oplock.c
ksmbd: lazy v2 lease break on smb2_write()
2023-12-08 10:11:33 -06:00
oplock.h
ksmbd: lazy v2 lease break on smb2_write()
2023-12-08 10:11:33 -06:00
server.c
ksmbd: fix race condition between tree conn lookup and disconnect
2023-10-04 21:56:28 -05:00
server.h
smb2misc.c
ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()
2023-12-27 22:55:36 -06:00
smb2ops.c
ksmbd: set v2 lease capability
2023-12-05 20:43:23 -06:00
smb2pdu.c
ksmbd: fix wrong allocation size update in smb2_open()
2023-12-08 10:11:33 -06:00
smb2pdu.h
ksmbd: replace one-element array with flex-array member in struct smb2_ea_info
2023-08-29 12:30:20 -05:00
smb_common.c
ksmbd: handle malformed smb1 message
2023-11-07 18:54:25 -06:00
smb_common.h
ksmbd: fix out of bounds in init_smb2_rsp_hdr()
2023-07-23 10:25:11 -05:00
smbacl.c
ksmbd: fix possible deadlock in smb2_open
2023-11-23 20:50:45 -06:00
smbacl.h
ksmbd: fix possible deadlock in smb2_open
2023-11-23 20:50:45 -06:00
smbfsctl.h
smbstatus.h
transport_ipc.c
ksmbd: use kvzalloc instead of kvmalloc
2023-06-26 00:07:04 -05:00
transport_ipc.h
transport_rdma.c
ksmbd: fix missing RDMA-capable flag for IPoIB device in ksmbd_rdma_capable_netdev()
2023-10-22 19:06:27 -05:00
transport_rdma.h
transport_tcp.c
transport_tcp.h
unicode.c
ksmbd: add support for surrogate pair conversion
2023-10-22 19:06:27 -05:00
unicode.h
fs/smb: Swing unicode common code from smb->NLS
2023-08-30 08:55:51 -05:00
vfs_cache.c
ksmbd: send v2 lease break notification for directory
2023-12-08 10:11:33 -06:00
vfs_cache.h
ksmbd: lazy v2 lease break on smb2_write()
2023-12-08 10:11:33 -06:00
vfs.c
ksmbd: lazy v2 lease break on smb2_write()
2023-12-08 10:11:33 -06:00
vfs.h
ksmbd: fix possible deadlock in smb2_open
2023-11-23 20:50:45 -06:00
xattr.h