iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/fs/ksmbd
History
William Liu e32f867b37 ksmbd: check nt_len to be at least CIFS_ENCPWD_SIZE in ksmbd_decode_ntlmssp_auth_blob 
commit 797805d81baa814f76cf7bdab35f86408a79d707 upstream.

"nt_len - CIFS_ENCPWD_SIZE" is passed directly from
ksmbd_decode_ntlmssp_auth_blob to ksmbd_auth_ntlmv2. Malicious requests
can set nt_len to less than CIFS_ENCPWD_SIZE, which results in a negative
number (or large unsigned value) used for a subsequent memcpy in
ksmbd_auth_ntlvm2 and can cause a panic.

Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
Cc: stable@vger.kernel.org
Signed-off-by: William Liu <will@willsroot.io>
Signed-off-by: Hrvoje Mišetić <misetichrvoje@gmail.com>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-01-12 11:59:19 +01:00
..
mgmt
ksmbd: Fix resource leak in ksmbd_session_rpc_open()
2022-12-31 13:14:31 +01:00
asn1.c
asn1.h
auth.c
ksmbd: check nt_len to be at least CIFS_ENCPWD_SIZE in ksmbd_decode_ntlmssp_auth_blob
2023-01-12 11:59:19 +01:00
auth.h
connection.c
ksmbd: fix infinite loop in ksmbd_conn_handler_loop()
2023-01-12 11:59:19 +01:00
connection.h
ksmbd: limits exceeding the maximum allowable outstanding requests
2022-01-27 11:02:53 +01:00
crypto_ctx.c
ksmbd: remove NTLMv1 authentication
2021-09-29 16:17:34 -05:00
crypto_ctx.h
ksmbd: remove NTLMv1 authentication
2021-09-29 16:17:34 -05:00
glob.h
ksmbd: fix version mismatch with out of tree
2021-10-07 10:18:34 -05:00
Kconfig
ksmbd: set unique value to volume serial field in FS_VOLUME_INFORMATION
2021-11-18 19:16:07 +01:00
ksmbd_netlink.h
ksmbd: add reserved room in ipc request/response
2022-01-27 11:02:53 +01:00
ksmbd_spnego_negtokeninit.asn1
ksmbd_spnego_negtokentarg.asn1
ksmbd_work.c
ksmbd: reorder and document on-disk and netlink structures in headers
2021-06-30 14:47:24 +09:00
ksmbd_work.h
ksmbd: change data type of volatile/persistent id to u64
2021-07-09 08:23:16 +09:00
Makefile
misc.c
ksmbd: missing check for NULL in convert_to_nt_pathname()
2021-09-30 20:00:05 -05:00
misc.h
ksmbd: use LOOKUP_BENEATH to prevent the out of share access
2021-09-24 21:25:23 -05:00
ndr.c
ksmbd: fix error code in ndr_read_int32()
2021-12-29 12:28:57 +01:00
ndr.h
ksmbd: add user namespace support
2021-07-02 16:27:10 +09:00
nterr.h
ntlmssp.h
oplock.c
ksmbd: add buffer validation for SMB2_CREATE_CONTEXT
2021-09-30 09:58:07 -05:00
oplock.h
ksmbd: remove SMB1 oplock level macros
2021-06-30 14:43:51 +09:00
server.c
ksmbd: fix endless loop when encryption for response fails
2022-10-26 12:34:26 +02:00
server.h
ksmbd: change server config string index to enumeration
2021-06-30 14:44:01 +09:00
smb2misc.c
ksmbd: prevent out of bound read for SMB2_WRITE
2022-08-21 15:17:48 +02:00
smb2ops.c
ksmbd: add support for smb2 max credit parameter
2022-01-27 11:02:53 +01:00
smb2pdu.c
ksmbd: fix incorrect handling of iterate_dir
2022-10-29 10:12:57 +02:00
smb2pdu.h
ksmbd: add support for smb2 max credit parameter
2022-01-27 11:02:53 +01:00
smb_common.c
ksmbd: Fix user namespace mapping
2022-10-26 12:34:26 +02:00
smb_common.h
ksmbd: add support for smb2 max credit parameter
2022-01-27 11:02:53 +01:00
smbacl.c
ksmbd: fix heap-based overflow in set_ntacl_dacl()
2022-08-21 15:17:48 +02:00
smbacl.h
ksmbd: fix heap-based overflow in set_ntacl_dacl()
2022-08-21 15:17:48 +02:00
smbfsctl.h
smbstatus.h
transport_ipc.c
ksmbd: add support for smb2 max credit parameter
2022-01-27 11:02:53 +01:00
transport_ipc.h
ksmbd: throttle session setup failures to avoid dictionary attacks
2021-10-20 00:07:10 -05:00
transport_rdma.c
ksmbd: add buffer validation for smb direct
2021-10-15 09:18:29 -05:00
transport_rdma.h
ksmbd: fix typo of MS-SMBD
2021-07-22 09:55:58 +09:00
transport_tcp.c
ksmbd: fix infinite loop in ksmbd_conn_handler_loop()
2023-01-12 11:59:19 +01:00
transport_tcp.h
unicode.c
unicode.h
uniupr.h
vfs_cache.c
ksmbd: increment reference count of parent fp
2022-05-09 09:14:40 +02:00
vfs_cache.h
ksmbd: remove unused ksmbd_file_table_flush function
2021-09-03 23:29:45 -05:00
vfs.c
vfs: fix copy_file_range() averts filesystem freeze protection
2022-12-19 12:36:39 +01:00
vfs.h
ksmbd: don't align last entry offset in smb2 query directory
2022-02-23 12:03:18 +01:00
xattr.h
ksmbd: reorder and document on-disk and netlink structures in headers
2021-06-30 14:47:24 +09:00