Kernel/linux-next
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git synced 2025-01-11 16:29:05 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux-next/fs/cifs
History
Jann Horn 4c17a6d56b CIFS: fix type confusion in copy offload ioctl 
This might lead to local privilege escalation (code execution as
kernel) for systems where the following conditions are met:

 - CONFIG_CIFS_SMB2 and CONFIG_CIFS_POSIX are enabled
 - a cifs filesystem is mounted where:
  - the mount option "vers" was used and set to a value >=2.0
  - the attacker has write access to at least one file on the filesystem

To attack this, an attacker would have to guess the target_tcon
pointer (but guessing wrong doesn't cause a crash, it just returns an
error code) and win a narrow race.

CC: Stable <stable@vger.kernel.org>
Signed-off-by: Jann Horn <jann@thejh.net>
Signed-off-by: Steve French <smfrench@gmail.com>
2015-09-11 09:54:03 -05:00
..
asn1.c
[CIFS] cifs: Rename cERROR and cFYI to cifs_dbg
2013-05-04 22:17:23 -05:00
cache.c
[CIFS] cifs: Rename cERROR and cFYI to cifs_dbg
2013-05-04 22:17:23 -05:00
cifs_debug.c
cifs: fix MUST SecurityFlags filtering
2015-01-26 19:38:26 -06:00
cifs_debug.h
cifs: convert printk(LEVEL...) to pr_<level>
2014-12-07 22:48:07 -06:00
cifs_dfs_ref.c
Fix that several functions handle incorrect value of mapchars
2015-05-10 19:56:35 -05:00
cifs_fs_sb.h
Allow conversion of characters in Mac remap range. Part 1
2014-10-16 15:20:20 -05:00
cifs_ioctl.h
Add way to query server fs info for smb3
2015-08-20 10:19:25 -05:00
cifs_spnego.c
KEYS: Remove key_type::match in favour of overriding default by match_preparse
2014-09-16 17:36:06 +01:00
cifs_spnego.h
[CIFS] Rename three structures to avoid camel case
2011-05-27 04:34:02 +00:00
cifs_unicode.c
Fix to convert SURROGATE PAIR
2015-05-20 13:12:51 -05:00
cifs_unicode.h
Remap reserved posix characters by default (part 3/3)
2014-10-16 15:20:20 -05:00
cifs_uniupr.h
cifs: correction of unicode header files
2010-08-20 00:46:42 +00:00
cifsacl.c
fs/cifs: remove obsolete __constant
2014-12-10 17:41:02 -08:00
cifsacl.h
cifs: fix SID binary to string conversion
2012-12-11 11:48:49 -06:00
cifsencrypt.c
CIFS: session servername can't be null
2015-04-01 00:01:47 -05:00
cifsfs.c
fs: create and use seq_show_option for escaping
2015-09-04 16:54:41 -07:00
cifsfs.h
Update cifs version number
2015-08-20 10:19:25 -05:00
cifsglob.h
Add ioctl to set integrity
2015-06-28 21:15:45 -05:00
cifspdu.h
Add way to query server fs info for smb3
2015-08-20 10:19:25 -05:00
cifsproto.h
Fix that several functions handle incorrect value of mapchars
2015-05-10 19:56:35 -05:00
cifssmb.c
cifs: Fix use-after-free on mid_q_entry
2015-08-20 10:19:25 -05:00
connect.c
cifs: Unset CIFS_MOUNT_POSIX_PATHS flag when following dfs mounts
2015-06-29 14:50:22 -05:00
dir.c
Fix that several functions handle incorrect value of mapchars
2015-05-10 19:56:35 -05:00
dns_resolve.c
cifs: fix composing of mount options for DFS referrals
2013-05-24 13:08:31 -05:00
dns_resolve.h
DNS: Separate out CIFS DNS Resolver code
2010-08-05 17:17:51 +00:00
export.c
[CIFS] cifs: Rename cERROR and cFYI to cifs_dbg
2013-05-04 22:17:23 -05:00
file.c
mm: mark most vm_operations_struct const
2015-09-10 13:29:01 -07:00
fscache.c
NFS client updates for Linux 3.13
2013-11-08 05:57:46 +09:00
fscache.h
CIFS: FS-Cache: Uncache unread pages in cifs_readpages() before freeing them
2013-09-18 10:17:03 -05:00
inode.c
Fix to check Unique id and FileType when client refer file directly.
2015-05-20 13:05:25 -05:00
ioctl.c
CIFS: fix type confusion in copy offload ioctl
2015-09-11 09:54:03 -05:00
Kconfig
Allow parsing vers=3.11 on cifs mount
2015-06-27 20:23:32 -07:00
link.c
Merge branch 'for-linus-1' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-06-22 12:51:21 -07:00
Makefile
cifs: add new case-insensitive conversion routines that are based on wchar_t's
2013-09-08 14:38:05 -05:00
misc.c
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
netmisc.c
Fix signed/unsigned pointer warning
2014-12-14 14:55:57 -06:00
nterr.c
CIFS: Rename 7 error codes to NT_ style
2012-07-24 10:25:10 -05:00
nterr.h
CIFS: Rename 7 error codes to NT_ style
2012-07-24 10:25:10 -05:00
ntlmssp.h
CIFS: Add session setup/logoff capability for SMB2
2012-07-24 21:54:57 +04:00
readdir.c
cifs: Don't replace dentries for dfs mounts
2015-05-10 19:56:05 -05:00
rfc1002pdu.h
[CIFS] whitespace cleanup
2007-06-05 18:30:44 +00:00
sess.c
Merge branch 'akpm' (patchbomb from Andrew)
2014-12-10 18:34:42 -08:00
smb1ops.c
Fix that several functions handle incorrect value of mapchars
2015-05-10 19:56:35 -05:00
smb2file.c
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
smb2glob.h
CIFS: Fix too big maxBuf size for SMB3 mounts
2014-02-14 16:50:47 -06:00
smb2inode.c
CIFS: Fix wrong filename length for SMB2
2014-08-25 16:45:17 -05:00
smb2maperror.c
Fix problem recognizing symlinks
2014-10-02 14:10:04 -05:00
smb2misc.c
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
smb2ops.c
Add ioctl to set integrity
2015-06-28 21:15:45 -05:00
smb2pdu.c
cifs: Fix use-after-free on mid_q_entry
2015-08-20 10:19:25 -05:00
smb2pdu.h
Update negotiate protocol for SMB3.11 dialect
2015-06-28 21:15:48 -05:00
smb2proto.h
mfsymlinks support for SMB2.1/SMB3. Part 2 query symlink
2014-10-16 15:20:20 -05:00
smb2status.h
CIFS: Add SMB2 status codes
2012-07-24 10:25:13 -05:00
smb2transport.c
Convert MessageID in smb2_hdr to LE
2014-12-14 14:55:45 -06:00
smbencrypt.c
cifs: use memzero_explicit to clear stack buffer
2015-01-19 15:32:13 -06:00
smberr.h
cifs: map NT_STATUS_ERROR_WRITE_PROTECTED to -EROFS
2010-08-02 12:40:40 +00:00
smbfsctl.h
Add Get/Set Integrity Information structure definitions
2015-06-28 21:15:41 -05:00
transport.c
cifs: Fix use-after-free on mid_q_entry
2015-08-20 10:19:25 -05:00
winucase.c
[CIFS] quiet sparse compile warning
2013-09-08 14:54:24 -05:00
xattr.c
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00