lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <af57f1ac0712241242w24397e42p320283f39e7fed37@mail.gmail.com>
Date:	Mon, 24 Dec 2007 23:42:38 +0300
From:	"Oleg Gvozdev" <123.oleg@...il.com>
To:	linux-kernel@...r.kernel.org
Subject: LINUX kernel 2.6.23: bug in CIFSSMBSetEA

Hello

In fs/cifs/cifssmb.c, in CIFSSMBSetEA (...) function wrong counting of
var exists.

EXISTING CODE:
pSMB->DataCount = sizeof(*parm_data) + ea_value_len + name_len + 1;

MUST BE:
pSMB->DataCount = sizeof(*parm_data) + ea_value_len + name_len;

REASON:
 "sizeof(*parm_data)"  counts 1 byte from "char name[1];"

So, for example in Samba server (sources/smbd/trans2.c), we can see
wrong processing of EA, cause data sent to server is bigger on 1 byte
then it must be.

See Extra info for details

--------------------------------------------- Extra info

struct fealist *parm_data;

1707 struct fea {
1708         unsigned char EA_flags;
1709         __u8 name_len;
1710         __u16 value_len;
1711         char name[1];
1712         /* optionally followed by value */
1713 };
1714 /* flags for _FEA.fEA */
1715 #define FEA_NEEDEA         0x80 /* need EA bit */
1716
1717 struct fealist {
1718         __u32 list_len;
1719         struct fea list[1];
1720 };
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ