git.baikalelectronics.ru Git - kernel.git/commit

]> git.baikalelectronics.ru Git - kernel.git/commit

author	Dan Carpenter <dan.carpenter@oracle.com>
	Mon, 10 Sep 2018 11:12:07 +0000 (14:12 +0300)
committer	Steve French <stfrench@microsoft.com>
	Wed, 12 Sep 2018 14:32:07 +0000 (09:32 -0500)
commit	d1ca1112ee75f4148901fc5f83c199f2fadba4d1
tree	d1ef8c358f51282c7fc382be90af5662872ac882	tree \| snapshot
parent	8cd72fc39bd315ab43fa6d2fbbcb0020d84bb962	commit \| diff

cifs: integer overflow in in SMB2_ioctl()

The "le32_to_cpu(rsp->OutputOffset) + *plen" addition can overflow and
wrap around to a smaller value which looks like it would lead to an
information leak.

Fixes: adae83343d74 ("SMB2 FSCTL and IOCTL worker function")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
CC: Stable <stable@vger.kernel.org>

fs/cifs/smb2pdu.c

diff | blob | history

Linux Kernel Source Tree.

RSS Atom