| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 23 Aug 2018 12:24:02 +0200
From: Nicholas Mc Guire <hofrat@...dl.org>
To: Steve French <sfrench@...ba.org>
Cc: Jerome Marchand <jmarchan@...hat.com>, linux-cifs@...r.kernel.org,
samba-technical@...ts.samba.org, linux-kernel@...r.kernel.org,
Nicholas Mc Guire <hofrat@...dl.org>
Subject: [PATCH] cifs: check kmalloc before use
The kmalloc was not being checked - if it fails issue a warning
and return -ENOMEM to the caller.
Signed-off-by: Nicholas Mc Guire <hofrat@...dl.org>
Fixes: b8da344b74c8 ("cifs: dynamic allocation of ntlmssp blob")
---
Problem was located with an experimental coccinelle script
Both call-sites will expect non-0 to indicate error so -ENOMEM
should be OK here. Setting buflen to 0 seems to be the expected
behavior on failure although it will not be checked/used at
the call-sites - probably this could be removed here as well as
in the handling of authentication error (preceding this change)
it was just retained for consistency.
Patch was compile tested with: x86_64_defconfig + CONFIG_CIFS=y
(with sparse and smatch warning unrelated to proposed change)
Patch is against 4.18 (localversion-next is next-20180823)
fs/cifs/sess.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index 8b0502c..aa23c00 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -398,6 +398,12 @@ int build_ntlmssp_auth_blob(unsigned char **pbuffer,
goto setup_ntlmv2_ret;
}
*pbuffer = kmalloc(size_of_ntlmssp_blob(ses), GFP_KERNEL);
+ if (!*pbuffer) {
+ rc = -ENOMEM;
+ cifs_dbg(VFS, "Error %d during NTLMSSP allocation\n", rc);
+ *buflen = 0;
+ goto setup_ntlmv2_ret;
+ }
sec_blob = (AUTHENTICATE_MESSAGE *)*pbuffer;
memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8);
--
2.1.4
Powered by blists - more mailing lists