review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Namjae Jeon <linkinjeon@kernel.org>
	Sun, 31 Mar 2024 12:59:10 +0000 (21:59 +0900)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 10 Apr 2024 14:36:02 +0000 (16:36 +0200)
commit	a637fabac554270a851033f5ab402ecb90bc479c
tree	d6231b9edc4e756aabeace0e5adb7cd3c6519974	tree \| snapshot
parent	a06562fd4ce2a7b82bc12962553453396017b3a9	commit \| diff

ksmbd: validate payload size in ipc response

commit a677ebd8ca2f2632ccdecbad7b87641274e15aac upstream.

If installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipc
response to ksmbd kernel server. ksmbd should validate payload size of
ipc response from ksmbd.mountd to avoid memory overrun or
slab-out-of-bounds. This patch validate 3 ipc response that has payload.

Cc: stable@vger.kernel.org
Reported-by: Chao Ma <machao2019@gmail.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

fs/smb/server/ksmbd_netlink.h		diff \| blob \| history
fs/smb/server/mgmt/share_config.c		diff \| blob \| history
fs/smb/server/transport_ipc.c		diff \| blob \| history