Dan Carpenter badf74b65f staging: ncpfs: memory corruption in ncp_read_kernel() ...

commit 4c41aa24ba upstream.

If the server is malicious then *bytes_read could be larger than the
size of the "target" buffer.  It would lead to memory corruption when we
do the memcpy().

Reported-by: Dr Silvio Cesare of InfoSect <Silvio Cesare <silvio.cesare@gmail.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2018-03-28 18:40:15 +02:00

..

dir.c

ncpfs: fix unused variable warning

2018-02-25 11:03:50 +01:00

file.c

switch generic_write_checks() to iocb and iter

2015-04-11 22:30:21 -04:00

getopt.c

fs/ncpfs/getopt.c: replace simple_strtoul by kstrtoul

2014-06-04 16:54:21 -07:00

getopt.h

…

inode.c

VFS: normal filesystems (and lustre): d_inode() annotations

2015-04-15 15:06:57 -04:00

ioctl.c

ncpfs: don't allow negative timeouts

2015-11-20 16:17:32 -08:00

Kconfig

fs/Kconfig: move the rest of ncpfs out

2009-01-22 13:16:01 +03:00

Makefile

fs: change to new flag variable

2011-03-17 14:02:57 +01:00

mmap.c

ncpfs: use file_inode()

2014-11-19 13:01:25 -05:00

ncp_fs_i.h

ncpfs: get rid of d_validate() nonsense

2015-01-25 23:16:26 -05:00

ncp_fs_sb.h

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2014-04-12 17:31:22 -07:00

ncp_fs.h

ncpfs: remove now unused PRINTK macro

2014-04-08 16:48:52 -07:00

ncplib_kernel.c

staging: ncpfs: memory corruption in ncp_read_kernel()

2018-03-28 18:40:15 +02:00

ncplib_kernel.h

ncpfs: switch to ->read_iter/->write_iter

2015-04-11 22:28:52 -04:00

ncpsign_kernel.c

move internal-only parts of ncpfs headers to fs/ncpfs

2011-01-12 20:03:43 -05:00

ncpsign_kernel.h

move internal-only parts of ncpfs headers to fs/ncpfs

2011-01-12 20:03:43 -05:00

sock.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2014-04-12 17:31:22 -07:00

symlink.c

VFS: normal filesystems (and lustre): d_inode() annotations

2015-04-15 15:06:57 -04:00