ksmbd: fix global-out-of-bounds in smb2_find_context_vals
commit
02f76c401d17e409ed45bf7887148fcc22c93c85 upstream.
Add tag_len argument in smb2_find_context_vals() to avoid out-of-bound
read when create_context's name_len is larger than tag length.
[ 7.995411] ==================================================================
[ 7.995866] BUG: KASAN: global-out-of-bounds in memcmp+0x83/0xa0
[ 7.996248] Read of size 8 at addr
ffffffff8258d940 by task kworker/0:0/7
...
[ 7.998191] Call Trace:
[ 7.998358] <TASK>
[ 7.998503] dump_stack_lvl+0x33/0x50
[ 7.998743] print_report+0xcc/0x620
[ 7.999458] kasan_report+0xae/0xe0
[ 7.999895] kasan_check_range+0x35/0x1b0
[ 8.000152] memcmp+0x83/0xa0
[ 8.000347] smb2_find_context_vals+0xf7/0x1e0
[ 8.000635] smb2_open+0x1df2/0x43a0
[ 8.006398] handle_ksmbd_work+0x274/0x810
[ 8.006666] process_one_work+0x419/0x760
[ 8.006922] worker_thread+0x2a2/0x6f0
[ 8.007429] kthread+0x160/0x190
[ 8.007946] ret_from_fork+0x1f/0x30
[ 8.008181] </TASK>
Cc: stable@vger.kernel.org
Signed-off-by: Chih-Yen Chang <cc85nod@gmail.com>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
projects / platform / kernel / linux-starfive.git / commit