projects / platform / kernel / linux-starfive.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7d8855f) | patch
ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()
authorNamjae Jeon <linkinjeon@kernel.org>
Fri, 25 Aug 2023 14:40:31 +0000 (23:40 +0900)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 6 Sep 2023 20:26:59 +0000 (21:26 +0100)
commit30fd6521b2fbd9b767e438e31945e5ea3e3a2fba
tree29edc45875155b361d05a783164e40230a6905d3tree | snapshot
parent7d8855fd849d9c3186a9e1d3085ea4aedc6e019fcommit | diff
ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()

commit 4b081ce0d830b684fdf967abc3696d1261387254 upstream.

If authblob->SessionKey.Length is bigger than session key
size(CIFS_KEY_SIZE), slub overflow can happen in key exchange codes.
cifs_arc4_crypt copy to session key array from SessionKey from client.

Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21940
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/smb/server/auth.c diff | blob | history
Domain: System / Kernel;