iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/fs
History
William Liu 5e7d97dbae ksmbd: check nt_len to be at least CIFS_ENCPWD_SIZE in ksmbd_decode_ntlmssp_auth_blob 
commit 797805d81baa814f76cf7bdab35f86408a79d707 upstream.

"nt_len - CIFS_ENCPWD_SIZE" is passed directly from
ksmbd_decode_ntlmssp_auth_blob to ksmbd_auth_ntlmv2. Malicious requests
can set nt_len to less than CIFS_ENCPWD_SIZE, which results in a negative
number (or large unsigned value) used for a subsequent memcpy in
ksmbd_auth_ntlvm2 and can cause a panic.

Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
Cc: stable@vger.kernel.org
Signed-off-by: William Liu <will@willsroot.io>
Signed-off-by: Hrvoje Mišetić <misetichrvoje@gmail.com>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-01-12 12:02:57 +01:00
..
9p
9p: Fix some kernel-doc comments
2022-07-02 18:52:21 +09:00
adfs
fs: Convert block_read_full_page() to block_read_full_folio()
2022-05-09 16:21:44 -04:00
affs
affs: move from strlcpy with unused retval to strscpy
2022-08-19 13:03:10 +02:00
afs
afs: Fix lost servers_outstanding count
2022-12-31 13:33:08 +01:00
autofs
autofs: remove unused ino field inode
2022-07-17 17:31:42 -07:00
befs
befs: Convert befs_symlink_read_folio() to use a folio
2022-08-02 12:34:03 -04:00
bfs
fs: Convert block_read_full_page() to block_read_full_folio()
2022-05-09 16:21:44 -04:00
btrfs
btrfs: handle case when repair happens with dev-replace
2023-01-12 12:02:55 +01:00
cachefiles
cachefiles: use vfs_tmpfile_open() helper
2022-09-24 07:00:00 +02:00
ceph
ceph: switch to vfs_inode_has_locks() to fix file lock bug
2023-01-12 12:02:23 +01:00
cifs
cifs: refcount only the selected iface during interface update
2023-01-12 12:01:55 +01:00
coda
coda: Convert coda_symlink_filler() to use a folio
2022-08-02 12:34:03 -04:00
configfs
configfs: fix possible memory leak in configfs_create_dir()
2022-12-31 13:32:22 +01:00
cramfs
cramfs: read_mapping_page() is synchronous
2022-08-02 12:34:02 -04:00
crypto
fscrypt: fix keyring memory leak on mount failure
2022-10-19 20:54:43 -07:00
debugfs
debugfs: fix error when writing negative value to atomic_t debugfs file
2022-12-31 13:31:58 +01:00
devpts
dlm
fs: dlm: retry accept() until -EAGAIN or error returns
2023-01-07 11:11:44 +01:00
ecryptfs
whack-a-mole: constifying struct path *
2022-10-06 17:31:02 -07:00
efivarfs
efi: efivars: Fix variable writes without query_variable_store()
2022-10-21 11:09:40 +02:00
efs
efs: Convert efs symlinks to read_folio
2022-05-09 16:21:45 -04:00
erofs
erofs: validate the extent length for uncompressed pclusters
2022-12-31 13:31:59 +01:00
exfat
treewide: use get_random_u32() when possible
2022-10-11 17:42:58 -06:00
exportfs
Change calling conventions for filldir_t
2022-08-17 17:25:04 -04:00
ext2
ext2: unbugger ext2_empty_dir()
2023-01-07 11:11:40 +01:00
ext4
ext4: allocate extended attribute value in vmalloc area
2023-01-07 11:12:02 +01:00
f2fs
f2fs: allow to read node block after shutdown
2023-01-04 11:29:01 +01:00
fat
treewide: use get_random_u32() when possible
2022-10-11 17:42:58 -06:00
freevxfs
freevxfs: Convert vxfs_immed_read_folio() to use a folio
2022-08-02 12:34:03 -04:00
fscache
fscache: Fix oops due to race with cookie_lru and use_cookie
2022-12-07 11:49:18 -08:00
fuse
fuse: lock inode unconditionally in fuse_fallocate()
2022-11-23 09:10:42 +01:00
gfs2
gfs2: Partially revert gfs2_inode_lookup change
2022-12-31 13:32:45 +01:00
hfs
hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling
2023-01-12 12:02:35 +01:00
hfsplus
hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount
2023-01-04 11:28:59 +01:00
hostfs
hostfs: move from strlcpy with unused retval to strscpy
2022-09-19 22:46:25 +02:00
hpfs
hpfs: Convert symlinks to read_folio
2022-05-09 16:21:45 -04:00
hugetlbfs
hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param()
2022-12-31 13:33:05 +01:00
iomap
iomap: add a tracepoint for mappings returned by map_blocks
2022-10-02 11:42:19 -07:00
isofs
- hfs and hfsplus kmap API modernization from Fabio Francesco
2022-10-12 11:00:22 -07:00
jbd2
- Yu Zhao's Multi-Gen LRU patches are here. They've been under test in
2022-10-10 17:53:04 -07:00
jffs2
mtd: always initialize 'stats' in struct mtd_oob_ops
2022-09-21 10:38:07 +02:00
jfs
fs: jfs: fix shift-out-of-bounds in dbDiscardAG
2022-12-31 13:32:57 +01:00
kernfs
kernfs: Fix spurious lockdep warning in kernfs_find_and_get_node_by_id()
2022-11-10 19:03:42 +01:00
ksmbd
ksmbd: check nt_len to be at least CIFS_ENCPWD_SIZE in ksmbd_decode_ntlmssp_auth_blob
2023-01-12 12:02:57 +01:00
lockd
lockd: set other missing fields when unlocking files
2022-12-31 13:32:00 +01:00
minix
vfs: open inside ->tmpfile()
2022-09-24 07:00:00 +02:00
netfs
netfs: Fix dodgy maths
2022-11-15 16:56:07 +00:00
nfs
nfs: fix possible null-ptr-deref when parsing param
2022-12-31 13:33:04 +01:00
nfs_common
nfsd
nfsd: fix handling of readdir in v4root vs. mount upcall timeout
2023-01-12 12:02:44 +01:00
nilfs2
nilfs2: fix shift-out-of-bounds due to too large exponent of block size
2022-12-31 13:32:58 +01:00
nls
notify
Merge tag 'fsnotify-for_v6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
2022-10-07 08:28:50 -07:00
ntfs
- hfs and hfsplus kmap API modernization from Fabio Francesco
2022-10-12 11:00:22 -07:00
ntfs3
fs/ntfs3: don't hold ni_lock when calling truncate_setsize()
2023-01-12 12:02:28 +01:00
ocfs2
ocfs2: fix memory leak in ocfs2_mount_volume()
2022-12-31 13:31:58 +01:00
omfs
fs: Convert block_read_full_page() to block_read_full_folio()
2022-05-09 16:21:44 -04:00
openpromfs
orangefs
orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init()
2022-12-31 13:33:06 +01:00
overlayfs
ovl: update ->f_iocb_flags when ovl_change_flags() modifies ->f_flags
2023-01-04 11:29:00 +01:00
proc
proc/meminfo: fix spacing in SecPageTables
2022-11-22 18:50:44 -08:00
pstore
pstore/zone: Use GFP_ATOMIC to allocate zone buffer
2023-01-04 11:28:59 +01:00
qnx4
fs: Convert block_read_full_page() to block_read_full_folio()
2022-05-09 16:21:44 -04:00
qnx6
fs/qnx6: delete unnecessary checks before brelse()
2022-09-11 21:55:07 -07:00
quota
ext4: fix bug_on in __es_tree_search caused by bad quota inode
2023-01-07 11:11:59 +01:00
ramfs
tmpfile API change
2022-10-10 19:45:17 -07:00
reiserfs
reiserfs: Add missing calls to reiserfs_security_free()
2022-12-31 13:33:10 +01:00
romfs
romfs: Convert romfs to read_folio
2022-05-09 16:21:46 -04:00
smbfs_common
smb3: define missing create contexts
2022-10-05 01:55:27 -05:00
squashfs
squashfs: fix buffer release race condition in readahead code
2022-10-28 13:37:21 -07:00
sysfs
sysv
fs: sysv: Fix sysv_nblocks() returns wrong value
2022-12-31 13:32:00 +01:00
tracefs
tracefs: Only clobber mode/uid/gid on remount if asked
2022-09-08 17:10:54 -04:00
ubifs
Random number generator fixes for Linux 6.1-rc1.
2022-10-16 15:27:07 -07:00
udf
udf: Fix extension of the last extent in the file
2023-01-12 12:02:34 +01:00
ufs
ufs: replace ll_rw_block()
2022-09-11 20:26:07 -07:00
unicode
vboxsf
vboxsf: Convert vboxsf to read_folio
2022-05-09 16:21:46 -04:00
verity
for-6.1-tag
2022-10-06 17:36:48 -07:00
xfs
xfs: rename XFS_REFC_COW_START to _COWFLAG
2022-10-31 08:58:22 -07:00
zonefs
zonefs: Fix active zone accounting
2022-11-25 17:01:22 +09:00
aio.c
aio: use atomic_try_cmpxchg in __get_reqs_available
2022-09-11 21:55:08 -07:00
anon_inodes.c
dynamic_dname(): drop unused dentry argument
2022-08-20 11:34:04 -04:00
attr.c
vfs: Check the truncate maximum size in inode_newsize_ok()
2022-08-08 10:39:29 -07:00
bad_inode.c
vfs: open inside ->tmpfile()
2022-09-24 07:00:00 +02:00
binfmt_elf_fdpic.c
binfmt: Fix error return code in load_elf_fdpic_binary()
2023-01-04 11:29:00 +01:00
binfmt_elf_test.c
binfmt_elf.c
fs/binfmt_elf: Fix memory leak in load_elf_binary()
2022-10-25 15:11:21 -07:00
binfmt_flat.c
binfmt_misc.c
binfmt_misc: fix shift-out-of-bounds in check_special_flags
2022-12-31 13:32:57 +01:00
binfmt_script.c
buffer.c
- hfs and hfsplus kmap API modernization from Fabio Francesco
2022-10-12 11:00:22 -07:00
char_dev.c
chardev: fix error handling in cdev_device_add()
2022-12-31 13:32:41 +01:00
compat_binfmt_elf.c
coredump.c
- Yu Zhao's Multi-Gen LRU patches are here. They've been under test in
2022-10-10 17:53:04 -07:00
d_path.c
d_path.c: typo fix...
2022-08-20 11:34:33 -04:00
dax.c
Merge branch 'for-6.0/dax' into libnvdimm-fixes
2022-09-24 18:14:12 -07:00
dcache.c
tmpfile API change
2022-10-10 19:45:17 -07:00
direct-io.c
block: remove PSI accounting from the bio layer
2022-09-20 08:24:38 -06:00
drop_caches.c
eventfd.c
eventfd: provide a eventfd_signal_mask() helper
2023-01-04 11:28:48 +01:00
eventpoll.c
eventpoll: add EPOLL_URING_WAKE poll wakeup flag
2023-01-04 11:28:47 +01:00
exec.c
23 hotfixes.
2022-10-29 17:49:33 -07:00
fcntl.c
keep iocb_flags() result cached in struct file
2022-06-10 16:10:23 -04:00
fhandle.c
do_sys_name_to_handle(): constify path
2022-09-01 17:36:39 -04:00
file_table.c
locks: fix TOCTOU race when granting write lease
2022-08-16 10:59:54 -04:00
file.c
fs: use acquire ordering in __fget_light()
2022-10-31 15:30:11 -04:00
filesystems.c
fs_context.c
fs_parser.c
ext4: journal_path mount options should follow links
2023-01-07 11:11:59 +01:00
fs_pin.c
fs_struct.c
fs_types.c
fs-writeback.c
fs: do not update freeing inode i_io_list
2022-11-22 17:00:00 -05:00
fsopen.c
uninline may_mount() and don't opencode it in fspick(2)/fsopen(2)
2022-05-19 23:25:10 -04:00
init.c
inode.c
saner inode_init_always()
2022-10-06 16:49:00 -07:00
internal.h
whack-a-mole: constifying struct path *
2022-10-06 17:31:02 -07:00
ioctl.c
Kconfig
hugetlb: make hugetlb depends on SYSFS or SYSCTL
2022-09-11 20:26:10 -07:00
Kconfig.binfmt
Xtensa updates for v6.1
2022-10-10 14:21:11 -07:00
kernel_read_file.c
fs/kernel_read_file: allow to read files up-to ssize_t
2022-06-16 19:58:21 -07:00
libfs.c
libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
2022-12-31 13:31:58 +01:00
locks.c
filelock: new helper: vfs_inode_has_locks
2023-01-12 12:02:22 +01:00
Makefile
a.out: Remove the a.out implementation
2022-09-27 07:11:02 -07:00
mbcache.c
ext4: fix deadlock due to mbcache entry corruption
2023-01-07 11:12:02 +01:00
mount.h
switch try_to_unlazy_next() to __legitimize_mnt()
2022-07-05 16:18:21 -04:00
mpage.c
Folio changes for 6.0
2022-08-03 10:35:43 -07:00
namei.c
vfs: vfs_tmpfile: ensure O_EXCL flag is enforced
2022-11-19 02:22:11 -05:00
namespace.c
fs: require CAP_SYS_ADMIN in target namespace for idmapped mounts
2022-08-17 11:27:11 +02:00
no-block.c
nsfs.c
dynamic_dname(): drop unused dentry argument
2022-08-20 11:34:04 -04:00
open.c
struct file-related stuff
2022-10-06 17:13:18 -07:00
pipe.c
dynamic_dname(): drop unused dentry argument
2022-08-20 11:34:04 -04:00
pnode.c
pnode: terminate at peers of source
2023-01-04 11:29:01 +01:00
pnode.h
posix_acl.c
- Yu Zhao's Multi-Gen LRU patches are here. They've been under test in
2022-10-10 17:53:04 -07:00
proc_namespace.c
vfs: escape hash as well
2022-06-28 13:58:05 -04:00
read_write.c
vfs: fix copy_file_range() averts filesystem freeze protection
2022-11-25 00:52:28 -05:00
readdir.c
Change calling conventions for filldir_t
2022-08-17 17:25:04 -04:00
remap_range.c
- The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe
2022-08-05 16:32:45 -07:00
select.c
seq_file.c
rxrpc: Fix locking issue
2022-05-22 21:03:01 +01:00
signalfd.c
splice.c
iter_to_pipe(): switch to advancing variant of iov_iter_get_pages()
2022-08-08 22:37:23 -04:00
stack.c
stat.c
vfs: support STATX_DIOALIGN on block devices
2022-09-11 19:47:12 -05:00
statfs.c
super.c
fscrypt: fix keyring memory leak on mount failure
2022-10-19 20:54:43 -07:00
sync.c
riscv: compat: syscall: Add compat_sys_call_table implementation
2022-04-26 13:36:25 -07:00
sysctls.c
timerfd.c
userfaultfd.c
fs/userfaultfd: Fix maple tree iterator in userfaultfd_unregister()
2022-11-07 12:58:26 -08:00
utimes.c
xattr.c
fs: don't audit the capability check in simple_xattr_list()
2022-12-31 13:31:55 +01:00