From: Aurelien Aptel <aaptel@suse.com>
Date: Mon, 16 Sep 2019 02:28:36 +0000 (+0200)
Subject: cifs: modefromsid: make room for 4 ACE
X-Git-Tag: v5.15~5383^2~14
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=0892ba693f304ce3e9ca1f0a64a5cfc051454996;p=platform%2Fkernel%2Flinux-starfive.git

cifs: modefromsid: make room for 4 ACE

when mounting with modefromsid, we end up writing 4 ACE in a security
descriptor that only has room for 3, thus triggering an out-of-bounds
write. fix this by changing the min size of a security descriptor.

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
---

diff --git a/fs/cifs/cifsacl.h b/fs/cifs/cifsacl.h
index dd95a6f..eb42834 100644
--- a/fs/cifs/cifsacl.h
+++ b/fs/cifs/cifsacl.h
@@ -45,7 +45,7 @@
  */
 #define DEFAULT_SEC_DESC_LEN (sizeof(struct cifs_ntsd) + \
 			      sizeof(struct cifs_acl) + \
-			      (sizeof(struct cifs_ace) * 3))
+			      (sizeof(struct cifs_ace) * 4))
 
 /*
  * Maximum size of a string representation of a SID: