Ross Lagerwall baf6b1921d cifs: Fix potential OOB access of lock element array ...

commit b9a74cde94957d82003fb9f7ab4777938ca851cd upstream.

If maxBuf is small but non-zero, it could result in a zero sized lock
element array which we would then try and access OOB.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
CC: Stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2019-01-16 22:12:31 +01:00

..

9p

v9fs_dir_readdir: fix double-free on p9stat_read error

2018-12-01 09:44:18 +01:00

adfs

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2016-10-10 20:16:43 -07:00

affs

affs_lookup(): close a race with affs_remove_link()

2018-05-30 07:50:16 +02:00

afs

afs: Fix abort on signal while waiting for call completion

2017-12-20 10:07:25 +01:00

autofs4

autofs: fix autofs_sbi() does not check super block type

2018-09-19 22:47:16 +02:00

befs

befs fixes for 4.9-rc1

2016-10-15 12:09:13 -07:00

bfs

bfs: add sanity check at bfs_fill_super()

2018-12-01 09:44:19 +01:00

btrfs

Btrfs: send, fix infinite loop due to directory rename dependencies

2018-12-17 09:38:32 +01:00

cachefiles

fscache, cachefiles: remove redundant variable 'cache'

2018-12-17 09:38:34 +01:00

ceph

ceph: don't update importing cap's mseq when handing cap export

2019-01-13 10:03:54 +01:00

cifs

cifs: Fix potential OOB access of lock element array

2019-01-16 22:12:31 +01:00

coda

coda: fix 'kernel memory exposure attempt' in fsync

2017-11-24 08:33:42 +01:00

configfs

configfs: replace strncpy with memcpy

2018-11-21 09:26:03 +01:00

cramfs

Cramfs: fix abad comparison when wrap-arounds occur

2018-11-13 11:17:03 -08:00

crypto

fscrypt: use unbound workqueue for decryption

2018-08-03 07:55:20 +02:00

debugfs

dentry name snapshots

2017-08-06 18:59:43 -07:00

devpts

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2016-10-10 20:16:43 -07:00

dlm

dlm: memory leaks on error path in dlm_user_request()

2019-01-13 10:03:52 +01:00

ecryptfs

do d_instantiate/unlock_new_inode combinations safely

2018-05-30 07:50:16 +02:00

efivarfs

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2016-10-10 20:16:43 -07:00

efs

…

exofs

fs/exofs: fix potential memory leak in mount option parsing

2018-11-27 16:09:38 +01:00

exportfs

exportfs: do not read dentry after free

2018-12-17 09:38:33 +01:00

ext2

ext2: fix potential use after free

2018-12-05 19:42:40 +01:00

ext4

ext4: force inode writes when nfsd calls commit_metadata()

2019-01-09 16:16:44 +01:00

f2fs

f2fs: fix validation of the block count in sanity_check_raw_super

2019-01-09 16:16:44 +01:00

fat

fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters()

2018-11-10 07:42:56 -08:00

freevxfs

…

fscache

fscache: fix race between enablement and dropping of object

2018-12-17 09:38:34 +01:00

fuse

fuse: fix leaked notify reply

2018-11-21 09:26:03 +01:00

gfs2

gfs2: Fix loop in gfs2_rbm_find

2019-01-13 10:03:52 +01:00

hfs

hfs: do not free node before using

2018-12-17 09:38:35 +01:00

hfsplus

hfsplus: do not free node before using

2018-12-17 09:38:35 +01:00

hostfs

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2016-10-10 20:16:43 -07:00

hpfs

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2016-10-10 20:16:43 -07:00

hugetlbfs

hugetlbfs: fix bug in pgoff overflow checking

2018-12-08 13:05:15 +01:00

isofs

isofs: fix timestamps beyond 2027

2017-11-30 08:39:04 +00:00

jbd2

jbd2: fix use after free in jbd2_log_do_checkpoint()

2018-11-13 11:16:55 -08:00

jffs2

jffs2: free jffs2_sb_info through jffs2_kill_sb()

2018-11-13 11:16:46 -08:00

jfs

jfs: Fix inconsistency between memory allocation and ea_buf->max_size

2018-08-09 12:18:00 +02:00

kernfs

kernfs: Replace strncpy with memcpy

2018-12-08 13:05:05 +01:00

lockd

lockd: fix access beyond unterminated strings in prints

2018-11-13 11:17:02 -08:00

logfs

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2016-10-10 20:16:43 -07:00

minix

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2016-10-10 20:16:43 -07:00

ncpfs

staging: ncpfs: memory corruption in ncp_read_kernel()

2018-03-28 18:39:23 +02:00

nfs

nfs: don't dirty kernel pages read by direct-io

2018-12-21 14:11:36 +01:00

nfs_common

lockd: fix "list_add double add" caused by legacy signal interface

2018-02-03 17:05:38 +01:00

nfsd

nfsd: COPY and CLONE operations require the saved filehandle to be set

2018-11-21 09:26:03 +01:00

nilfs2

do d_instantiate/unlock_new_inode combinations safely

2018-05-30 07:50:16 +02:00

nls

…

notify

fanotify: fix logic of events on child

2018-04-24 09:34:18 +02:00

ntfs

fs: remove the never implemented aio_fsync file operation

2016-10-30 13:09:42 -04:00

ocfs2

ocfs2: fix potential use after free

2018-12-17 09:38:35 +01:00

omfs

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2016-10-10 20:16:43 -07:00

openpromfs

fs: Replace CURRENT_TIME with current_time() for inode timestamps

2016-09-27 21:06:21 -04:00

orangefs

orangefs: off by ones in xattr size checks

2018-11-10 07:42:46 -08:00

overlayfs

ovl: filter trusted xattr for non-admin

2018-04-13 19:48:12 +02:00

proc

proc/sysctl: don't return ENOMEM on lookup when a table is unregistering

2018-12-29 13:40:16 +01:00

pstore

pstore: Convert console write to use ->write_buf

2018-12-17 09:38:35 +01:00

qnx4

…

qnx6

…

quota

fs/quota: Fix spectre gadget in do_quotactl

2018-09-09 20:01:26 +02:00

ramfs

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2016-10-10 20:16:43 -07:00

reiserfs

reiserfs: propagate errors from fill_with_dentries() properly

2018-11-27 16:09:38 +01:00

romfs

romfs: use different way to generate fsid for BLOCK or MTD

2017-06-17 06:41:56 +02:00

squashfs

Squashfs: Compute expected length from inode size rather than block length

2018-09-05 09:20:03 +02:00

sysfs

scsi: sysfs: Introduce sysfs_{un,}break_active_protection()

2018-09-05 09:20:10 +02:00

sysv

sysv: return 'err' instead of 0 in __sysv_write_inode

2018-12-17 09:38:32 +01:00

tracefs

fs: Replace CURRENT_TIME with current_time() for inode timestamps

2016-09-27 21:06:21 -04:00

ubifs

ubifs: Handle re-linking of inodes correctly while recovery

2018-12-29 13:40:16 +01:00

udf

udf: Allow mounting volumes with incorrect identification strings

2018-12-08 13:05:08 +01:00

ufs

ufs: we need to sync inode before freeing it

2018-11-10 07:42:49 -08:00

xfs

xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE

2018-12-08 13:05:15 +01:00

aio.c

aio: fix spectre gadget in lookup_ioctx

2018-12-21 14:11:31 +01:00

anon_inodes.c

…

attr.c

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2016-10-10 20:16:43 -07:00

bad_inode.c

bad_inode: add missing i_op initializers

2017-01-09 08:32:24 +01:00

binfmt_aout.c

…

binfmt_elf_fdpic.c

…

binfmt_elf.c

binfmt_elf: Respect error return from `regset->active'

2018-09-26 08:36:37 +02:00

binfmt_em86.c

…

binfmt_flat.c

…

binfmt_misc.c

fs/binfmt_misc.c: do not allow offset overflow

2018-06-26 08:08:09 +08:00

binfmt_script.c

…

block_dev.c

fs/mpage.c: fix mpage_writepage() for pages with buffers

2017-10-18 09:35:39 +02:00

buffer.c

fs: add i_blocksize()

2017-06-14 15:06:00 +02:00

char_dev.c

…

compat_binfmt_elf.c

binfmt_elf: compat: avoid unused function warning

2018-02-25 11:05:55 +01:00

compat_ioctl.c

fs: compat: Remove warning from COMPATIBLE_IOCTL

2018-04-08 12:12:44 +02:00

compat.c

compat: remove compat_printk()

2016-09-27 21:20:53 -04:00

coredump.c

coredump: Ensure proper size of sparse core files

2017-07-05 14:40:26 +02:00

dax.c

fs/dax.c: fix inefficiency in dax_writeback_mapping_range()

2018-02-28 10:18:33 +01:00

dcache.c

fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot()

2018-09-15 09:42:58 +02:00

dcookies.c

…

direct-io.c

fs: fix lost error code in dio_complete

2018-12-05 19:42:40 +01:00

drop_caches.c

…

eventfd.c

…

eventpoll.c

epoll: fix race between ep_poll_callback(POLLFREE) and ep_free()/ep_remove()

2017-09-07 08:35:41 +02:00

exec.c

exec: avoid gcc-8 warning for get_task_comm

2018-07-28 07:49:14 +02:00

fcntl.c

fs/fcntl: f_setown, avoid undefined behaviour

2018-01-31 12:55:52 +01:00

fhandle.c

…

file_table.c

…

file.c

fs/file: more unsigned file descriptors

2016-09-27 18:47:38 -04:00

filesystems.c

…

fs_pin.c

…

fs_struct.c

…

fs-writeback.c

bdi: Fix oops in wb_workfn()

2018-05-16 10:08:42 +02:00

inode.c

Fix up non-directory creation in SGID directories

2018-07-17 11:37:53 +02:00

internal.h

xfs: evict all inodes involved with log redo item

2017-09-20 08:20:01 +02:00

ioctl.c

vfs: cap dedupe request structure size at PAGE_SIZE

2016-09-15 13:29:52 -07:00

iomap.c

iomap: fix integer truncation issues in the zeroing and dirtying helpers

2017-09-20 08:19:59 +02:00

Kconfig

mm/hugetlb: introduce ARCH_HAS_GIGANTIC_PAGE

2016-10-07 18:46:29 -07:00

Kconfig.binfmt

…

libfs.c

libfs: Modify mount_pseudo_xattr to be clear it is not a userspace mount

2017-12-09 22:01:51 +01:00

locks.c

locking, fs/locks: Add missing file_sem locks

2016-10-18 12:21:28 +02:00

Makefile

…

mbcache.c

mbcache: initialize entry->e_referenced in mb_cache_entry_create()

2018-02-22 15:43:48 +01:00

mount.h

mnt: In propgate_umount handle visiting mounts in any order

2017-07-21 07:42:22 +02:00

mpage.c

fs/mpage.c: fix mpage_writepage() for pages with buffers

2017-10-18 09:35:39 +02:00

namei.c

namei: allow restricted O_CREAT of FIFOs and regular files

2018-12-01 09:44:25 +01:00

namespace.c

mount: Prevent MNT_DETACH from disconnecting locked mounts

2018-11-21 09:26:02 +01:00

no-block.c

…

nsfs.c

nsfs: mark dentry with DCACHE_RCUACCESS

2018-02-17 13:21:15 +01:00

open.c

fs: completely ignore unknown open flags

2017-07-12 15:01:02 +02:00

pipe.c

pipe: fix off-by-one error when checking buffer limits

2018-02-17 13:21:18 +01:00

pnode.c

mnt: Make propagate_umount less slow for overlapping mount propagation trees

2017-07-21 07:42:22 +02:00

pnode.h

mnt: Tuck mounts under others instead of creating shadow/side mounts.

2017-03-15 10:02:43 +08:00

posix_acl.c

tmpfs: clear S_ISGID when setting posix ACLs

2017-01-26 08:24:37 +01:00

proc_namespace.c

…

read_write.c

vfs: deny copy_file_range() for non regular files

2017-10-12 11:51:26 +02:00

readdir.c

…

select.c

fs/select: add vmalloc fallback for select(2)

2016-10-11 15:06:30 -07:00

seq_file.c

seq/proc: modify seq_put_decimal_[u]ll to take a const char *, not char

2016-10-07 18:46:30 -07:00

signalfd.c

…

splice.c

vfs: fix uninitialized flags in splice_to_pipe()

2017-02-23 17:44:35 +01:00

stack.c

…

stat.c

ufs: restore maintaining ->i_blocks

2017-06-14 15:06:01 +02:00

statfs.c

…

super.c

sget(): handle failures of register_shrinker()

2018-03-03 10:23:21 +01:00

sync.c

…

timerfd.c

timerfd: Protect the might cancel mechanism proper

2017-05-08 07:47:54 +02:00

userfaultfd.c

userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE

2017-12-20 10:07:18 +01:00

utimes.c

Merge remote-tracking branch 'jk/vfs' into work.misc

2016-10-08 11:06:08 -04:00

xattr.c

sysfs: Do not return POSIX ACL xattrs via listxattr

2018-10-10 08:53:22 +02:00